Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-33155 DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitra...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.3.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-66019 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-12060 DESCRIPTION: The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty

Summary IBM Cloud Pak for Data contains a vulnerable version of Netty Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in path-to-regexp-0.1.7.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp-0.1.7.tgz Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in axios

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of axios. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in axios

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of axios. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in send-0.18.0.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of send-0.18.0.tgz Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in body-parser-1.20.2.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of body-parser-1.20.2.tgz Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in es5-ext-0.10.53.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of es5-ext-0.10.53.tgz Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: medikoo es5-ext is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By providing...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in urllib3-1.26.18-py2.py3-none-any.whl

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of urllib3-1.26.18-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Certifi python-certifi

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Certifi python-certifi Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An attacke...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in setuptools

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. By...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Tensorflow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Tensorflow Vulnerability Details CVEID:CVE-2023-30767 DESCRIPTION: Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-30261 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with fetch with integrity...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in guava-23.0.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of guava-23.0.jar Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar Vulnerability Details CVEID:CVE-2023-31418 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...