Skip to content

Commit ec2e4cb

Browse files
authored
Merge pull request #479 from nadezhdafilina/update-python-libs
ELSDOC-194, updated python libraries
2 parents 0262ee9 + d5f6272 commit ec2e4cb

7 files changed

Lines changed: 106 additions & 27 deletions

File tree

docs/.vuepress/components/ELSTechnology.vue

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -989,12 +989,12 @@ const techData = [
989989
projects: [
990990
{
991991
name: "aiohttp",
992-
versions: "3.8.1 | 3.8.4 | 3.8.5",
992+
versions: "3.8.1 | 3.8.4 | 3.8.5 | 3.8.6",
993993
link: "./python-libraries/",
994994
},
995995
{
996996
name: "celery",
997-
versions: "5.1.2",
997+
versions: "4.4.7 | 5.1.2",
998998
link: "./celery/",
999999
},
10001000
{
@@ -1112,14 +1112,19 @@ const techData = [
11121112
versions: "0.6.1",
11131113
link: "./python-libraries/",
11141114
},
1115+
{
1116+
name: "pip",
1117+
versions: "9.0",
1118+
link: "./python-libraries/",
1119+
},
11151120
{
11161121
name: "Pillow",
11171122
versions: "8.4.0 | 9.4.0 | 9.5.0 | 11.2.1",
11181123
link: "./python-libraries/",
11191124
},
11201125
{
11211126
name: "protobuf",
1122-
versions: "4.24.3",
1127+
versions: "3.17.0 | 3.20.3 | 4.24.3 | 4.25.8",
11231128
link: "./python-libraries/",
11241129
},
11251130
{
@@ -1192,6 +1197,11 @@ const techData = [
11921197
versions: "1.13.1",
11931198
link: "./python-libraries/",
11941199
},
1200+
{
1201+
name: "tornado",
1202+
versions: "6.1.0",
1203+
link: "./python-libraries/",
1204+
},
11951205
{
11961206
name: "tqdm",
11971207
versions: "4.66.1",

docs/els-for-libraries/celery/README.md

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
44

55
## Supported Celery Versions
66

7-
* **Celery** 5.1.2
7+
* **Celery** 4.4.7, 5.1.2
88

99
Other versions upon request.
1010

@@ -94,8 +94,9 @@ TuxCare provides VEX for Celery ELS versions: [security.tuxcare.com/vex/cycloned
9494

9595
Fixes for the following vulnerabilities are available in ELS for Celery from TuxCare versions:
9696

97-
| CVE ID | Severity | Library | Vulnerable Versions | Safe Version |
98-
| :------------: | :------: | :-----: | :-----------------: | :-----------------: |
99-
| CVE-2021-23727 | High | celery | 5.1.2 | 5.1.2.post1+tuxcare |
97+
| CVE ID | Severity | Library | Vulnerable Versions | Safe Version |
98+
| :------------: | :------: | :-----: | :-----------------: | :------------------: |
99+
| CVE-2021-23727 | High | celery | 4.4.7 | 4.4.7.post1+tuxcare |
100+
| CVE-2021-23727 | High | celery | 5.1.2 | 5.1.2.post1+tuxcare |
100101

101102
If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).

docs/els-for-libraries/django/README.md

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -97,9 +97,11 @@ Fixes for the following vulnerabilities are available in ELS for Django from Tux
9797
| CVE ID | Severity | Library | Vulnerable Versions | Safe Version |
9898
| :------------: | :------: | :-----: | :-----------------: | :------------------: |
9999
| CVE-2025-57833 | High | django | 3.2.25 | 3.2.25.post1+tuxcare |
100-
| CVE-2025-48432 | N/A | django | 4.2 | 4.2.post1+tuxcare |
101-
| CVE-2025-48432 | N/A | django | 5.1.9 | 5.1.9.post1+tuxcare |
102-
| CVE-2025-27556 | N/A | django | 5.1 | 5.1.post2+tuxcare |
100+
| CVE-2025-64458 | High | django | 3.2.25 | 3.2.25.post2+tuxcare |
101+
| CVE-2025-64459 | Critical | django | 3.2.25 | 3.2.25.post2+tuxcare |
102+
| CVE-2025-48432 | Medium | django | 4.2 | 4.2.post1+tuxcare |
103+
| CVE-2025-48432 | Medium | django | 5.1.9 | 5.1.9.post1+tuxcare |
104+
| CVE-2025-27556 | High | django | 5.1 | 5.1.post2+tuxcare |
103105
| CVE-2024-56374 | Medium | django | 5.1.4 | 5.1.4.post1+tuxcare |
104106
| CVE-2024-53908 | N/A | django | 5.1 | 5.1.post3+tuxcare |
105107
| CVE-2024-53907 | N/A | django | 5.1 | 5.1.post3+tuxcare |
@@ -124,8 +126,8 @@ Fixes for the following vulnerabilities are available in ELS for Django from Tux
124126
| CVE-2022-34265 | Critical | django | 4.0 | 4.0.post3+tuxcare |
125127
| CVE-2022-28347 | Critical | django | 4.0 | 4.0.post3+tuxcare |
126128
| CVE-2022-28346 | Critical | django | 4.0 | 4.0.post4+tuxcare |
127-
| CVE-2022-23833 | N/A | django | 4.0 | 4.0.post6+tuxcare |
128-
| CVE-2022-22818 | N/A | django | 4.0 | 4.0.post5+tuxcare |
129+
| CVE-2022-23833 | High | django | 4.0 | 4.0.post6+tuxcare |
130+
| CVE-2022-22818 | Medium | django | 4.0 | 4.0.post5+tuxcare |
129131
| CVE-2021-45452 | Medium | django | 4.0 | 4.0.post4+tuxcare |
130132
| CVE-2021-45116 | High | django | 4.0 | 4.0.post2+tuxcare |
131133
| CVE-2021-45115 | High | django | 4.0 | 4.0.post4+tuxcare |

docs/els-for-libraries/numpy/README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,5 +99,6 @@ Fixes for the following vulnerabilities are available in ELS for NumPy from TuxC
9999
| CVE-2021-34141 | Medium | numpy | 1.15.4 | 1.15.4.post2+tuxcare |
100100
| CVE-2019-6446 | Critical | numpy | 1.15.4 | 1.15.4.post1+tuxcare |
101101
| CVE-2019-6446 | Critical | numpy | 1.16.0 | 1.16.0.post1+tuxcare |
102+
| CVE-2021-41496 | Medium | numpy | 1.16.0 | 1.16.0.post2+tuxcare |
102103

103104
If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).

docs/els-for-libraries/python-libraries/README.md

Lines changed: 69 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
44

55
## Supported Python Libraries
66

7-
* **aiohttp** 3.8.1, 3.8.4, 3.8.5
7+
* **aiohttp** 3.8.1, 3.8.4, 3.8.5, 3.8.6
88
* **certifi** 2021.10.8, 2022.12.7, 2023.7.22
99
* **cryptography** 3.4.8, 41.0.7, 42.0.0, 42.0.8, 43.0.1, 43.0.3
1010
* **deepdiff** 6.2.3
@@ -24,8 +24,9 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
2424
* **pandas** 2.2.0, 2.2.2
2525
* **paramiko** 3.0.0
2626
* **pdfkit** 0.6.1
27+
* **pip** 9.0
2728
* **Pillow** 8.4.0, 9.4.0, 9.5.0, 11.2.1
28-
* **protobuf** 4.24.3
29+
* **protobuf** 3.17.0, 3.20.0, 4.24.3, 4.25.8
2930
* **pydantic** 1.10.5
3031
* **PyJWT** 1.7.1, 2.3.0, 2.8.0, 2.10.1
3132
* **pymongo** 3.13.0
@@ -39,6 +40,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
3940
* **scikit-learn** 1.0.2
4041
* **setuptools** 65.5.1, 68.0.0, 70.3.0, 75.0.0, 75.8.0
4142
* **torch** 1.13.1
43+
* **tornado** 6.1.0
4244
* **tqdm** 4.66.1
4345
* **twisted** 20.3.0
4446
* **urllib3** 1.25.11, 1.26.4, 1.26.20, 2.0.7
@@ -142,13 +144,28 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
142144

143145
<template #aiohttp>
144146

145-
| CVE ID | Severity | Vulnerable Versions | Safe Version |
146-
| :------------: | :------: | :-----------------: | :-----------------: |
147-
| CVE-2024-52304 | High | 3.8.5 | 3.8.5.post2+tuxcare |
148-
| CVE-2023-49082 | Medium | 3.8.5 | 3.8.5.post1+tuxcare |
149-
| CVE-2023-47627 | High | 3.8.1 | 3.8.1.post1+tuxcare |
150-
| CVE-2023-47627 | High | 3.8.5 | 3.8.5.post1+tuxcare |
151-
| CVE-2023-37276 | High | 3.8.4 | 3.8.4.post1+tuxcare |
147+
| CVE ID | Severity | Vulnerable Versions | Safe Version |
148+
| :-----------------: | :------: | :-----------------: | :-----------------: |
149+
| CVE-2025-53643 | High | 3.8.1 | 3.8.1.post5+tuxcare |
150+
| CVE-2024-52304 | High | 3.8.1 | 3.8.1.post7+tuxcare |
151+
| CVE-2024-52304 | High | 3.8.5 | 3.8.5.post2+tuxcare |
152+
| CVE-2024-30251 | High | 3.8.1 | 3.8.1.post4+tuxcare |
153+
| CVE-2024-30251 | High | 3.8.6 | 3.8.6.post1+tuxcare |
154+
| CVE-2024-27306 | Medium | 3.8.1 | 3.8.1.post6+tuxcare |
155+
| CVE-2024-23829 | Medium | 3.8.1 | 3.8.1.post3+tuxcare |
156+
| CVE-2024-23829 | Medium | 3.8.5 | 3.8.5.post3+tuxcare |
157+
| CVE-2024-23334 | High | 3.8.1 | 3.8.1.post7+tuxcare |
158+
| CVE-2024-23334 | High | 3.8.5 | 3.8.5.post3+tuxcare |
159+
| CVE-2023-49082 | Medium | 3.8.1 | 3.8.1.post6+tuxcare |
160+
| CVE-2023-49082 | Medium | 3.8.5 | 3.8.5.post1+tuxcare |
161+
| CVE-2023-49082 | Medium | 3.8.6 | 3.8.6.post2+tuxcare |
162+
| CVE-2023-49081 | Medium | 3.8.1 | 3.8.1.post2+tuxcare |
163+
| CVE-2023-49081 | Medium | 3.8.5 | 3.8.5.post4+tuxcare |
164+
| CVE-2023-47627 | High | 3.8.1 | 3.8.1.post1+tuxcare |
165+
| CVE-2023-47627 | High | 3.8.5 | 3.8.5.post1+tuxcare |
166+
| CVE-2023-37276 | High | 3.8.1 | 3.8.1.post5+tuxcare |
167+
| CVE-2023-37276 | High | 3.8.4 | 3.8.4.post1+tuxcare |
168+
| GHSA-pjjw-qhg8-p2p9 | High | 3.8.1 | 3.8.1.post7+tuxcare |
152169

153170
</template>
154171

@@ -170,6 +187,7 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
170187
| :-----------------: | :------: | :-----------------: | :------------------: |
171188
| CVE-2024-26130 | High | 41.0.7 | 41.0.7.post1+tuxcare |
172189
| CVE-2024-26130 | High | 42.0.0 | 42.0.0.post1+tuxcare |
190+
| CVE-2024-0727 | Medium | 41.0.7 | 41.0.7.post2+tuxcare |
173191
| CVE-2024-12797 | Medium | 3.4.8 | 3.4.8.post3+tuxcare |
174192
| CVE-2024-12797 | Medium | 42.0.0 | 42.0.0.post1+tuxcare |
175193
| CVE-2024-12797 | Medium | 42.0.8 | 42.0.8.post1+tuxcare |
@@ -235,6 +253,7 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
235253
| CVE-2024-6827 | High | 20.1.0 | 20.1.0.post1+tuxcare |
236254
| CVE-2024-6827 | High | 21.2.0 | 21.2.0.post2+tuxcare |
237255
| CVE-2024-6827 | High | 22.0.0 | 22.0.0.post1+tuxcare |
256+
| CVE-2024-6827 | High | 20.0.4 | 20.0.4.post2+tuxcare |
238257
| CVE-2024-1135 | High | 20.0.4 | 20.0.4.post1+tuxcare |
239258
| CVE-2024-1135 | High | 20.1.0 | 20.1.0.post1+tuxcare |
240259
| CVE-2024-1135 | High | 21.2.0 | 21.2.0.post2+tuxcare |
@@ -296,6 +315,9 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
296315
| :-----------: | :------: | :-----------------: | :-------------------: |
297316
| CVE-2024-6838 | Medium | 2.22.4 | 2.22.4.post1+tuxcare |
298317
| CVE-2024-156 | Medium | 2.22.4 | 2.22.4.post1+tuxcare |
318+
| CVE-2025-0453 | High | 2.22.4 | 2.22.4.post1+tuxcare |
319+
| CVE-2025-14279| High | 2.22.4 | 2.22.4.post1+tuxcare |
320+
299321

300322
</template>
301323

@@ -361,11 +383,23 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
361383

362384
</template>
363385

386+
<template #pip>
387+
388+
| CVE ID | Severity | Vulnerable Versions | Safe Version |
389+
| :------------: | :------: | :-----------------: | :-----------------: |
390+
| CVE-2019-20916 | High | 9.0 | 9.0.post1+tuxcare |
391+
392+
</template>
393+
364394
<template #protobuf>
365395

366-
| CVE ID | Severity | Vulnerable Versions | Safe Version |
367-
| :-----------: | :------: | :-----------------: | :------------------: |
368-
| CVE-2025-4565 | Medium | 4.24.3 | 4.24.3.post1+tuxcare |
396+
| CVE ID | Severity | Vulnerable Versions | Safe Version |
397+
| :-----------: | :------: | :-----------------: | :-------------------: |
398+
| CVE-2026-0994 | N/A | 3.20.3 | 3.20.3.post1+tuxcare |
399+
| CVE-2026-0994 | N/A | 4.25.8 | 4.25.8.post1+tuxcare |
400+
| CVE-2025-4565 | Medium | 3.20.3 | 3.20.3.post1+tuxcare |
401+
| CVE-2025-4565 | Medium | 4.24.3 | 4.24.3.post1+tuxcare |
402+
| CVE-2022-1941 | High | 3.17.0 | 3.17.0.post1+tuxcare |
369403

370404
</template>
371405

@@ -419,6 +453,7 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
419453
| CVE ID | Severity | Vulnerable Versions | Safe Version |
420454
| :------------: | :------: | :-----------------: | :-----------------: |
421455
| CVE-2024-33664 | Medium | 3.3.0 | 3.3.0.post1+tuxcare |
456+
| CVE-2024-33663 | Medium | 3.3.0 | 3.3.0.post2+tuxcare |
422457

423458
</template>
424459

@@ -427,6 +462,7 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
427462
| CVE ID | Severity | Vulnerable Versions | Safe Version |
428463
| :------------: | :------: | :-----------------: | :-----------------: |
429464
| CVE-2024-24762 | High | 0.0.6 | 0.0.6.post1+tuxcare |
465+
| CVE-2024-53981 | High | 0.0.6 | 0.0.6.post2+tuxcare |
430466

431467
</template>
432468

@@ -491,6 +527,15 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
491527

492528
</template>
493529

530+
<template #tornado>
531+
532+
| CVE ID | Severity | Vulnerable Versions | Safe Version |
533+
| :------------: | :------: | :-----------------: | :------------------: |
534+
| CVE-2025-47287 | N/A | 6.1.0 | 6.1.0.post1+tuxcare |
535+
| CVE-2024-52804 | N/A | 6.1.0 | 6.1.0.post1+tuxcare |
536+
537+
</template>
538+
494539
<template #tqdm>
495540

496541
| CVE ID | Severity | Vulnerable Versions | Safe Version |
@@ -514,11 +559,23 @@ Fixes for the following vulnerabilities are available in ELS for Python Librarie
514559

515560
| CVE ID | Severity | Vulnerable Versions | Safe Version |
516561
| :------------: | :------: | :-----------------: | :-------------------: |
562+
| CVE-2026-21441 | High | 1.26.20 | 1.26.20.post3+tuxcare |
563+
| CVE-2025-66471 | High | 1.25.11 | 1.25.11.post3+tuxcare |
564+
| CVE-2025-66471 | High | 1.26.4 | 1.26.4.post3+tuxcare |
565+
| CVE-2025-66471 | High | 1.26.20 | 1.26.20.post2+tuxcare |
566+
| CVE-2025-66418 | High | 1.25.11 | 1.25.11.post3+tuxcare |
567+
| CVE-2025-66418 | High | 1.26.4 | 1.26.4.post3+tuxcare |
568+
| CVE-2025-66418 | High | 1.26.20 | 1.26.20.post2+tuxcare |
569+
| CVE-2025-50181 | Medium | 1.25.11 | 1.25.11.post3+tuxcare |
570+
| CVE-2025-50181 | Medium | 1.26.4 | 1.26.4.post4+tuxcare |
517571
| CVE-2025-50181 | Medium | 1.26.20 | 1.26.20.post1+tuxcare |
572+
| CVE-2025-50181 | Medium | 2.0.7 | 2.0.7.post1+tuxcare |
518573
| CVE-2024-37891 | Medium | 1.26.4 | 1.26.4.post2+tuxcare |
519574
| CVE-2023-45803 | Medium | 1.25.11 | 1.25.11.post2+tuxcare |
520575
| CVE-2023-45803 | Medium | 1.26.4 | 1.26.4.post1+tuxcare |
576+
| CVE-2023-43804 | High | 1.25.11 | 1.25.11.post4+tuxcare |
521577
| CVE-2021-33503 | High | 1.25.11 | 1.25.11.post2+tuxcare |
578+
| CVE-2021-33503 | High | 1.26.4 | 1.26.4.post4+tuxcare |
522579

523580
</template>
524581

docs/els-for-libraries/starlette/README.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
44

55
## Supported Starlette Versions
66

7-
* **Starlette** 0.27.0
7+
* **Starlette** 0.13.6, 0.27.0
88

99
Other versions upon request.
1010

@@ -96,8 +96,12 @@ Fixes for the following vulnerabilities are available in ELS for Starlette from
9696

9797
| CVE ID | Severity | Library | Vulnerable Versions | Safe Version |
9898
| :------------: | :------: | :-------: | :-----------------: | :------------------: |
99-
| CVE-2025-54121 | N/A | starlette | 0.27.0 | 0.27.0.post2+tuxcare |
99+
| CVE-2025-54121 | Medium | starlette | 0.13.6 | 0.13.6.post1+tuxcare |
100+
| CVE-2025-54121 | Medium | starlette | 0.27.0 | 0.27.0.post2+tuxcare |
101+
| CVE-2024-47874 | High | starlette | 0.13.6 | 0.13.6.post2+tuxcare |
100102
| CVE-2024-47874 | High | starlette | 0.27.0 | 0.27.0.post1+tuxcare |
103+
| CVE-2023-30798 | High | starlette | 0.13.6 | 0.13.6.post2+tuxcare |
104+
| CVE-2023-29159 | High | starlette | 0.13.6 | 0.13.6.post2+tuxcare |
101105

102106
**N/A (Not Available)** means that the National Vulnerability Database (NVD) has registered this CVE, but an official CVSS severity score has not yet been assigned.
103107

docs/els-for-libraries/werkzeug/README.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
44

55
## Supported Werkzeug Versions
66

7-
* **Werkzeug** 1.0.1, 2.2.3
7+
* **Werkzeug** 1.0.1, 2.2.3, 2.3.8
88

99
Other versions upon request.
1010

@@ -102,5 +102,9 @@ Fixes for the following vulnerabilities are available in ELS for Werkzeug from T
102102
| CVE-2024-34069 | High | werkzeug | 1.0.1 | 1.0.1.post2+tuxcare |
103103
| CVE-2023-25577 | High | werkzeug | 1.0.1 | 1.0.1.post1+tuxcare |
104104
| CVE-2023-23934 | Low | werkzeug | 1.0.1 | 1.0.1.post3+tuxcare |
105+
| CVE-2025-66221 | Medium | werkzeug | 2.3.8 | 2.3.8.post1+tuxcare |
106+
| CVE-2024-49766 | Medium | werkzeug | 2.2.3 | 2.2.3.post3+tuxcare |
107+
| CVE-2023-46136 | High | werkzeug | 1.0.1 | 1.0.1.post4+tuxcare |
108+
| CVE-2023-46136 | High | werkzeug | 2.2.3 | 2.2.3.post4+tuxcare |
105109

106110
If you are interested in the TuxCare Endless Lifecycle Support, contact [sales@tuxcare.com](mailto:sales@tuxcare.com).

0 commit comments

Comments
 (0)