asyncreview 0.4.0 | Vulnerabilities | Sonatype Guide
Published: Feb 2, 2026
Registry: npm Registry
Developer Trust Score: N/A
Versions: 12
Vulnerabilities: 11
Dependencies: 4
Severity: Critical (0), High (5), Medium (0), Low (0)
CVE-2025-69872 (CVSS 7.0)
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
Status: affected
Severity: High
Published: Feb 12, 2026
CVE-2024-39689 (CVSS 7.5)
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
Status: affected
Severity: High
Published: Jul 8, 2024
CVE-2024-3651 (CVSS 7.5)
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
Status: affected
Severity: High
Published: Apr 12, 2024
sonatype-2021-0025 (CVSS 7.5)
python-sqlalchemy - Deserialization of Untrusted Data
Status: affected
Severity: High
Published: Jan 11, 2021
CVE-2018-20225 (CVSS 7.8)
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.
Status: affected
Severity: High
Published: May 11, 2020