Skip to content

Update dependency com.sun.mail:jakarta.mail to v2.0.2#56

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/com.sun.mail-jakarta.mail-2.x
Open

Update dependency com.sun.mail:jakarta.mail to v2.0.2#56
dev-mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/com.sun.mail-jakarta.mail-2.x

Update dependency com.sun.mail:jakarta.mail to v2.0.2

9250325
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Apr 26, 2026 in 22m 46s

Security Report

You have successfully remediated 32 vulnerabilities, but introduced 10 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2024-8309

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/langchain-0.0.331.dist-info

Dependency Hierarchy:

-> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library)

Critical 9.8 Direct langchain-0.0.331-py3-none-any.whl langchain-0.0.331-py3-none-any.whl langchain - 0.2.0,langchain-community - 0.2.19,langchain - 0.2.0,langchain-community - 0.2.19 None
CVE-2025-68146

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/filelock-3.19.1.dist-info

Dependency Hierarchy:

-> tokenizers-0.22.2-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)

   -> huggingface_hub-1.8.0-py3-none-any.whl

     -> ❌ filelock-3.19.1-py3-none-any.whl (Vulnerable Library)

Medium 6.3 Transitive filelock-3.19.1-py3-none-any.whl tokenizers-0.22.2-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Transitive filelock - 3.20.1,https://github.com/tox-dev/filelock.git - 3.20.1 None
CVE-2021-41496

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> langchain-0.0.331-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 Transitive numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl langchain-0.0.331-py3-none-any.whl Transitive https://github.com/numpy/numpy.git - no_fix None
CVE-2021-41496

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> chromadb-0.4.14-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 Transitive numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl chromadb-0.4.14-py3-none-any.whl Transitive https://github.com/numpy/numpy.git - no_fix None
CVE-2021-41496

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.5 Transitive numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl Transitive https://github.com/numpy/numpy.git - no_fix None
CVE-2021-41495

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> langchain-0.0.331-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl langchain-0.0.331-py3-none-any.whl Transitive https://github.com/numpy/numpy.git - no_fix None
CVE-2021-41495

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> chromadb-0.4.14-py3-none-any.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl chromadb-0.4.14-py3-none-any.whl Transitive https://github.com/numpy/numpy.git - no_fix None
CVE-2021-41495

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/numpy-1.26.4.dist-info

Dependency Hierarchy:

-> onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl (Root Library)

   -> ❌ numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 Transitive numpy-1.26.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl onnxruntime-1.19.2-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl Transitive https://github.com/numpy/numpy.git - no_fix None
CVE-2024-7042

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/langchain-0.0.331.dist-info

Dependency Hierarchy:

-> ❌ langchain-0.0.331-py3-none-any.whl (Vulnerable Library)

Medium 4.9 Direct langchain-0.0.331-py3-none-any.whl langchain-0.0.331-py3-none-any.whl https://github.com/langchain-ai/langchainjs.git - no_fix None
CVE-2026-25645

Path to dependency file: /nifi-python-extensions/nifi-text-embeddings-module/src/main/python/vectorstores/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260426233518_XGUGOZ/python_GLTVXO/202604262335181/env/lib/python3.9/site-packages/requests-2.32.5.dist-info

Dependency Hierarchy:

-> ❌ requests-2.32.5-py3-none-any.whl (Vulnerable Library)

Medium 4.4 Direct requests-2.32.5-py3-none-any.whl requests-2.32.5-py3-none-any.whl Upgrade to version requests - 2.33.0 or greater None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2025-69226 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34519 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-69225 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-62727 starlette-0.27.0-py3-none-any.whl
CVE-2026-0994 protobuf-4.24.4-cp37-abi3-manylinux2014_x86_64.whl
CVE-2025-66471 urllib3-2.0.7-py3-none-any.whl
CVE-2021-41495 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2026-34518 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34516 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-69223 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34517 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34515 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-54121 starlette-0.27.0-py3-none-any.whl
CVE-2026-34514 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34513 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2024-5569 zipp-3.15.0-py3-none-any.whl
CVE-2025-53643 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-7962 jakarta.mail-2.0.1.jar
CVE-2025-68146 filelock-3.12.2-py3-none-any.whl
CVE-2025-50181 urllib3-2.0.7-py3-none-any.whl
CVE-2025-50182 urllib3-2.0.7-py3-none-any.whl
CVE-2024-24762 fastapi-0.103.2-py3-none-any.whl
CVE-2026-34520 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2025-43859 h11-0.14.0-py3-none-any.whl
CVE-2026-22815 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2026-34525 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2021-41496 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
CVE-2026-25645 requests-2.31.0-py3-none-any.whl
CVE-2026-21441 urllib3-2.0.7-py3-none-any.whl
CVE-2024-47081 requests-2.31.0-py3-none-any.whl
CVE-2025-4565 protobuf-4.24.4-cp37-abi3-manylinux2014_x86_64.whl
CVE-2025-69229 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Base branch total remaining vulnerabilities: 256
Base branch commit: null


Total libraries scanned: 2191

Scan token: 0a0c1756c3674f83b50cb83ce1d59dca

View more details on Dev - Mend for GitHub.com