A security vulnerability found for a package

One or more packages in the software stack have security vulnerability.

Issue description

The recommendation engine found a package that has assigned one or multiple CVEs. See What is CVE? for more information on the security and possible implications.

If the recommendation type is set to secure, the recommendation engine always tries to find a CVE-free software stack.

The recommendation engine uses PyUP Safety DB which gets periodically updated on the recommendation engine side.

Affected packages:

See the justification reported for the listing of affected packages.

Severity

Issue fix

The recommendation engine tries to find a more suitable software stack that would be more secure.

If the recommended software stack still has CVEs stated, the resolution process was not able to come up with a better software stack.

A special case is “secure” recommendation type. In such case, the recommendation engine always tries to find a CVE-free software stack.

Pipeline units

Recommendation types

All the recommendation types can produce this warning, except for latest:

See this document that describes recommendation types listed.