Update dependency @angular/core to v19#53
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue |
|---|---|---|---|---|---|---|
 Critical |
10.0 | Direct bcprov-jdk18on-1.77.jar |
bcprov-jdk18on-1.77.jar | 1.84 | None | |
CVE-2024-27444Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
Critical |
9.8 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | https://github.com/langchain-ai/langchain.git - no_fix | None |
CVE-2024-28088Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
 High |
8.1 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | langchain-core - 0.1.30,langchain - 0.0.339 | None |
CVE-2026-45134Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langsmith-0.0.92.dist-info Dependency Hierarchy: -> langchain-0.0.331-py3-none-any.whl (Root Library) -> ❌ langsmith-0.0.92-py3-none-any.whl (Vulnerable Library) |
High |
7.1 | Transitive langsmith-0.0.92-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | Transitive Upgrade to version langchain-classic - 1.0.7 or greater |
None |
CVE-2026-45134Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
High |
7.1 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | Upgrade to version langchain-classic - 1.0.7 or greater | None |
CVE-2024-2057Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
 Medium |
6.3 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | langchain - 0.1.12 | None |
CVE-2026-41182Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langsmith-0.0.92.dist-info Dependency Hierarchy: -> langchain-0.0.331-py3-none-any.whl (Root Library) -> ❌ langsmith-0.0.92-py3-none-any.whl (Vulnerable Library) |
Medium |
5.3 | Transitive langsmith-0.0.92-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | Transitive https://github.com/luanti-org/luanti.git - 5.15.2,langsmith - 0.5.19,langsmith - 0.7.31 |
None |
CVE-2024-8309Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
Medium |
4.9 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | langchain - 0.2.0,langchain-community - 0.2.19,langchain - 0.2.0,langchain-community - 0.2.19 | None |
CVE-2024-7042Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
Medium |
4.9 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | https://github.com/langchain-ai/langchainjs.git - no_fix | None |
CVE-2024-3095Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
Medium |
4.8 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | langchain-community - 0.2.9 | None |
CVE-2024-2965Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
Medium |
4.2 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | langchain-community - 0.2.5,langchain - 0.2.5 | None |
CVE-2024-0243Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt Path to vulnerable library: /tmp/ws-ua_20260527023806_UVBBGJ/python_VRUBTV/202605270238071/env/lib/python3.10/site-packages/langchain-0.0.331.dist-info Dependency Hierarchy: -> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library) |
 Low |
3.7 | Direct langchain-0.0.331-py3-none-any.whl |
langchain-0.0.331-py3-none-any.whl | langchain - 0.1.0,langchain - 0.1.0 | None |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2026-42587 | netty-codec-http2-4.1.101.Final.jar |
| CVE-2025-69226 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-34519 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-853521-722872 | commons-pool-1.5.4.jar |
| CVE-2025-69225 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2024-7254 | protobuf-java-3.21.12.jar |
| CVE-2025-62727 | starlette-0.27.0-py3-none-any.whl |
| CVE-2025-69227 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2024-43709 | elasticsearch-7.10.2.jar |
| CVE-2026-0994 | protobuf-4.24.4-cp37-abi3-manylinux2014_x86_64.whl |
| CVE-2025-66471 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2024-52304 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| WS-2021-0646 | lucene-queryparser-8.4.0.jar |
| CVE-2026-34518 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-45409 | idna-3.6-py3-none-any.whl |
| CVE-2026-34516 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-69223 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-27496 | snowflake-jdbc-3.14.3.jar |
| CVE-2025-27817 | kafka-clients-3.6.0.jar |
| CVE-2026-34517 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2024-7254 | protobuf-java-2.5.0.jar |
| CVE-2024-23450 | elasticsearch-7.10.2.jar |
| CVE-2020-5403 | reactor-netty-http-1.0.39.jar |
| CVE-2026-34515 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-41249 | spring-core-6.1.1.jar |
| CVE-584561-462782 | jose4j-0.9.3.jar |
| CVE-2025-69224 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2022-3510 | protobuf-java-2.5.0.jar |
| CVE-2025-54121 | starlette-0.27.0-py3-none-any.whl |
| CVE-2021-22135 | elasticsearch-7.10.2.jar |
| CVE-2023-46673 | elasticsearch-7.10.2.jar |
| CVE-2025-24790 | snowflake-jdbc-3.14.3.jar |
| CVE-2026-34514 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2024-22243 | spring-web-6.1.1.jar |
| CVE-2023-31417 | elasticsearch-7.10.2.jar |
| CVE-2024-38819 | spring-webmvc-6.1.1.jar |
| CVE-2021-34141 | numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl |
| CVE-2026-22741 | spring-webmvc-6.1.1.jar |
| CVE-2026-3505 | bcpg-jdk18on-1.77.jar |
| CVE-2024-6763 | jetty-http-12.0.3.jar |
| CVE-2026-34513 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2024-5569 | zipp-3.15.0-py3-none-any.whl |
| CVE-50240-896950 | classmate-1.5.1.jar |
| CVE-2025-12183 | lz4-java-1.8.0.jar |
| CVE-2024-23945 | hive-service-3.1.3.jar |
| CVE-2026-35554 | kafka-clients-3.6.0.jar |
| CVE-2019-10202 | jackson-mapper-asl-1.9.13.jar |
| CVE-2021-22144 | elasticsearch-7.10.2.jar |
| CVE-2026-42587 | netty-codec-http-4.1.101.Final.jar |
| CVE-2025-41242 | spring-webmvc-6.1.1.jar |
| CVE-2025-53643 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-66566 | lz4-java-1.8.0.jar |
| CVE-2023-49082 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-41635 | mina-core-2.1.6.jar |
| CVE-2023-49081 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-41635 | mina-core-2.2.3.jar |
| CVE-2024-38809 | spring-web-6.1.1.jar |
| CVE-2025-4949 | org.eclipse.jgit-6.7.0.202309050840-r.jar |
| CVE-2020-5404 | reactor-netty-http-1.0.39.jar |
| CVE-2026-22745 | spring-webmvc-6.1.1.jar |
| CVE-2026-43869 | libthrift-0.14.1.jar |
| CVE-2025-68146 | filelock-3.12.2-py3-none-any.whl |
| WS-2021-0646 | lucene-core-8.4.0.jar |
| CVE-2024-38829 | spring-ldap-core-2.4.1.jar |
| CVE-2023-25194 | kafka-clients-2.8.1.jar |
| CVE-2025-37731 | elasticsearch-7.10.2.jar |
| WS-2023-0180 | sympy-1.10.1-py3-none-any.whl |
| CVE-2024-58103 | wire-runtime-4.3.0.jar |
| WS-2021-0646 | lucene-suggest-8.4.0.jar |
| CVE-2024-22259 | spring-web-6.1.1.jar |
| CVE-2025-50181 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2025-22227 | reactor-netty-http-1.0.39.jar |
| CVE-2019-10172 | jackson-mapper-asl-1.9.13.jar |
| CVE-2025-37727 | elasticsearch-7.10.2.jar |
| CVE-2024-22257 | spring-security-core-6.2.0.jar |
| CVE-2025-50182 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2020-5407 | spring-security-core-6.2.0.jar |
| CVE-2022-3509 | protobuf-java-2.5.0.jar |
| CVE-2024-24762 | fastapi-0.103.2-py3-none-any.whl |
| CVE-2026-45292 | opentelemetry-api-1.15.0.jar |
| CVE-2019-20444 | netty-3.10.6.Final.jar |
| CVE-2024-12801 | logback-core-1.3.14.jar |
| CVE-2024-31141 | kafka-clients-2.8.1.jar |
| CVE-2019-0205 | libthrift-0.9.3.jar |
| CVE-2024-22234 | spring-security-core-6.2.0.jar |
| CVE-2018-11798 | libthrift-0.9.3.jar |
| CVE-2026-44431 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2026-45799 | wire-runtime-jvm-4.3.0.jar |
| CVE-2026-34520 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-35554 | kafka-clients-2.8.1.jar |
| CVE-2024-56128 | kafka_2.12-2.8.1.jar |
| CVE-2026-42580 | netty-codec-http-4.1.101.Final.jar |
| CVE-2025-22228 | spring-security-crypto-6.2.0.jar |
| CVE-2023-50298 | solr-solrj-streaming-9.4.0.jar |
| CVE-954927-157822 | jnr-x86asm-1.0.2.jar |
| CVE-2024-38829 | spring-ldap-core-3.2.0.jar |
| CVE-2025-43859 | h11-0.14.0-py3-none-any.whl |
| CVE-2025-27819 | kafka_2.12-2.8.1.jar |
| CVE-2026-42577 | netty-transport-native-epoll-4.1.101.Final.jar |
| CVE-2025-67721 | aircompressor-0.10.jar |
| CVE-2025-31672 | poi-ooxml-5.2.5.jar |
| CVE-2025-41234 | spring-web-6.1.1.jar |
| CVE-2025-27818 | kafka_2.12-2.8.1.jar |
| CVE-2024-31141 | kafka-clients-2.6.3.jar |
| CVE-2025-66516 | tika-parser-pdf-module-2.9.1.jar |
| CVE-2025-69230 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-42581 | netty-codec-http-4.1.101.Final.jar |
| CVE-2024-52046 | mina-core-2.1.6.jar |
| CVE-2024-52046 | mina-core-2.2.3.jar |
| CVE-2026-22815 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2018-1196 | spring-boot-3.2.0.jar |
| CVE-2026-34525 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2020-13949 | libthrift-0.9.3.jar |
| CVE-2025-22235 | spring-boot-3.2.0.jar |
| CVE-2018-1271 | spring-core-6.1.1.jar |
| CVE-2026-3293 | snowflake-jdbc-3.14.3.jar |
| CVE-2018-1199 | spring-security-core-6.2.0.jar |
| CVE-2018-10237 | guava-19.0.jar |
| CVE-2024-27306 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2023-49921 | elasticsearch-7.10.2.jar |
| CVE-2025-1948 | jetty-http2-common-12.0.3.jar |
| CVE-2023-31419 | elasticsearch-7.10.2.jar |
| CVE-2023-34610 | json-io-2.5.1.jar |
| CVE-2025-66566 | lz4-java-1.7.1.jar |
| CVE-2021-22145 | elasticsearch-rest-client-7.10.2.jar |
| CVE-2021-22570 | protobuf-java-2.5.0.jar |
| CVE-2024-38820 | spring-web-6.1.1.jar |
| CVE-2024-31141 | kafka-clients-3.6.0.jar |
| CVE-2026-43869 | libthrift-0.9.3.jar |
| CVE-2026-42584 | netty-codec-http-4.1.101.Final.jar |
| CVE-2024-37891 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2024-30251 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2024-23953 | hive-llap-common-3.1.3.jar |
| CVE-2023-31418 | elasticsearch-7.10.2.jar |
| CVE-2023-25194 | kafka-clients-2.6.3.jar |
| CVE-2022-3171 | protobuf-java-2.5.0.jar |
| CVE-2018-1257 | spring-core-6.1.1.jar |
| CVE-2022-34917 | kafka-clients-2.8.1.jar |
| CVE-2026-42585 | netty-codec-http-4.1.101.Final.jar |
| CVE-10602-57859 | android-json-0.0.20131108.vaadin1.jar |
| CVE-2024-43382 | snowflake-jdbc-3.14.3.jar |
| CVE-2025-67721 | aircompressor-0.21.jar |
| CVE-2024-29131 | commons-configuration2-2.8.0.jar |
| CVE-2025-46392 | commons-configuration-1.10.jar |
| CVE-2018-1320 | libthrift-0.9.3.jar |
| CVE-2026-25645 | requests-2.31.0-py3-none-any.whl |
| CVE-2025-24789 | snowflake-jdbc-3.14.3.jar |
| CVE-2025-59419 | netty-codec-smtp-4.1.101.Final.jar |
| CVE-2026-21441 | urllib3-2.0.7-py3-none-any.whl |
| CVE-2024-35195 | requests-2.31.0-py3-none-any.whl |
| CVE-2024-29371 | jose4j-0.9.3.jar |
| CVE-2024-47081 | requests-2.31.0-py3-none-any.whl |
| WS-2021-0646 | lucene-analyzers-common-8.4.0.jar |
| CVE-2024-38816 | spring-webmvc-6.1.1.jar |
| CVE-2024-22262 | spring-web-6.1.1.jar |
| CVE-2024-21742 | apache-mime4j-core-0.8.9.jar |
| CVE-2025-22233 | spring-context-6.1.1.jar |
| CVE-2024-29869 | hive-exec-3.1.3.jar |
| CVE-2024-29133 | commons-configuration2-2.8.0.jar |
| CVE-2025-12183 | lz4-java-1.7.1.jar |
| CVE-2024-23444 | elasticsearch-7.10.2.jar |
| CVE-2014-9390 | org.eclipse.jgit-6.7.0.202309050840-r.jar |
| CVE-2025-67721 | aircompressor-0.25.jar |
| CVE-2024-12798 | logback-core-1.3.14.jar |
| CVE-2025-69228 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-736350-601740 | classmate-1.5.1.jar |
| CVE-2025-55163 | netty-codec-http2-4.1.101.Final.jar |
| CVE-2026-2332 | jetty-http-12.0.3.jar |
| CVE-2025-4565 | protobuf-4.24.4-cp37-abi3-manylinux2014_x86_64.whl |
| CVE-2025-69229 | aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-988087-351947 | byte-buddy-1.14.9.jar |
Base branch total remaining vulnerabilities: 320
Base branch commit: null
Total libraries scanned: 1074
Scan token: 0f081fb20a164b82be129edb18262df2