{ "version": 1, "updated_at": "2026-02-23T00:00:00+00:00", "description": "Offline OSV vulnerability cache. Keys: 'ecosystem:package:version'. Populate via dependency_scanner_tool with vuln_mode=online.", "entries": { "PyPI:requests:2.31.0": { "vulns": [], "cached_at": "2026-02-23T00:00:00+00:00" }, "PyPI:cryptography:41.0.0": { "vulns": [ { "id": "GHSA-jfh8-c2jp-5v3q", "aliases": ["CVE-2023-49083"], "summary": "cryptography vulnerable to NULL-dereference when loading PKCS12 files", "database_specific": {"severity": "MEDIUM"}, "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}], "affected": [ { "package": {"name": "cryptography", "ecosystem": "PyPI"}, "ranges": [ { "type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "41.0.6"}] } ] } ] } ], "cached_at": "2026-02-23T00:00:00+00:00" }, "npm:lodash:4.17.20": { "vulns": [ { "id": "GHSA-35jh-r3h4-6jhm", "aliases": ["CVE-2021-23337"], "summary": "Command Injection in lodash", "database_specific": {"severity": "HIGH"}, "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}], "affected": [ { "package": {"name": "lodash", "ecosystem": "npm"}, "ranges": [ { "type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "4.17.21"}] } ] } ] } ], "cached_at": "2026-02-23T00:00:00+00:00" }, "npm:lodash:4.17.21": { "vulns": [], "cached_at": "2026-02-23T00:00:00+00:00" }, "PyPI:pyyaml:5.4.1": { "vulns": [ { "id": "GHSA-8q59-q68h-6hv4", "aliases": ["CVE-2022-42966"], "summary": "PyYAML vulnerable to ReDoS in FullLoader", "database_specific": {"severity": "HIGH"}, "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}], "affected": [ { "package": {"name": "pyyaml", "ecosystem": "PyPI"}, "ranges": [ { "type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "6.0"}] } ] } ] } ], "cached_at": "2026-02-23T00:00:00+00:00" } } }