Root has patched CVE-2026-25087 in the rootio-pyarrow package for Root:PyPI. Multiple fixed versions available.
{ "distro_version": "", "source": "Root", "severity": "HIGH", "distro": "pypi" }
true
"20.0.0"
2.0
[ "20.0.0+root.io.1", "20.0.0+root.io.2" ]
"https://api.root.io/external/osv/ROOT-APP-PYPI-CVE-2026-25087.json"
"root.io.2"