A security vulnerability found for a package
One or more packages in the software stack have security vulnerability.
The recommendation engine found a package that has assigned one or multiple CVEs. See What is CVE? for more information on the security and possible implications.
If the recommendation type is set to secure, the recommendation engine always tries to find a CVE-free software stack.
The recommendation engine uses PyUP Safety DB which gets periodically updated on the recommendation engine side.
See the justification reported for the listing of affected packages.
The recommendation engine tries to find a more suitable software stack that would be more secure.
If the recommended software stack still has CVEs stated, the resolution process was not able to come up with a better software stack.
A special case is “secure” recommendation type. In such case, the recommendation engine always tries to find a CVE-free software stack.
All the recommendation types can produce this warning, except for latest: