GHSA-5qvp-pr9f-2g2v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5qvp-pr9f-2g2v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-5qvp-pr9f-2g2v/GHSA-5qvp-pr9f-2g2v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5qvp-pr9f-2g2v
- Published
- 2026-04-01T20:52:20Z
- Modified
- 2026-04-01T21:04:43.804300Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645
- Details
-
Pin vulnerable version of requests library
- Database specific
{ "github_reviewed": true, "nvd_published_at": null, "cwe_ids": [ "CWE-377" ], "github_reviewed_at": "2026-04-01T20:52:20Z", "severity": "MODERATE" }- References
-
- https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2
- https://github.com/sbrunner/poetry-plugin-tweak-dependencies-version/security/advisories/GHSA-5qvp-pr9f-2g2v
- https://github.com/sbrunner/poetry-plugin-tweak-dependencies-version/commit/54b5784d89f36cd413a8bc5032ab0a96438dcae3
- https://github.com/sbrunner/poetry-plugin-tweak-dependencies-version
- https://github.com/sbrunner/poetry-plugin-tweak-dependencies-version/releases/tag/1.5.6
Affected packages
PyPI / poetry-plugin-tweak-dependencies-version
Package
- Name
- poetry-plugin-tweak-dependencies-version
- View open source insights on deps.dev
- Purl
- pkg:pypi/poetry-plugin-tweak-dependencies-version
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.6