Hi — the pinned versions in codes/ecg-image-generator/requirements.txt have accumulated known CVEs since the January 2024 release. Flagging them here in case you'd like to bump:
| Package |
Current |
Suggested |
Issue |
requests |
2.21.0 |
>=2.32.3 |
CVE-2023-32681 (Proxy-Authorization leak on cross-origin redirect), CVE-2024-35195 |
tensorflow |
2.14.0 |
>=2.18.0 |
Accumulated 2.14 CVEs (CVE-2023-6660 heap OOB, CVE-2024-0760, ...) |
keras |
2.14.0 |
>=3.8.0 |
CVE-2025-1550 — arbitrary code execution via Keras Lambda layers in .keras/.h5 files loaded with safe_mode=False |
scikit-learn |
1.4.2 |
>=1.5.0 |
CVE-2024-5206 (TfidfVectorizer sensitive-data leak) |
validators |
0.18.2 |
>=0.20.0 |
CVE-2021-27890 ReDoS — reachable in HandwrittenText/generate.py:148 which passes a user-provided URL to validators.url(link) |
opencv_python |
4.6.0.66 |
>=4.10 |
CVE-2023-2617 (heap overflow in imread) |
scipy |
>=1.10.0 |
>=1.11.4 |
CVE-2023-25399 (sparse heap buffer overflow) |
spacy |
3.2.6 |
>=3.7.4 |
Pattern-matcher DoS |
imageio |
2.27.0 |
>=2.34.0 |
CVE-2022-23578 (gif plugin) |
pillow |
10.3.0 |
>=12.2.0 (py3.10+) or >=11.2.0 (py3.9) |
CVE-2026-40192 (FITS GZIP decompression bomb) among others |
Additionally, HandwrittenText/generate.py:150 has an SSRF surface:
if(validators.url(link)):
r = requests.get(link) # no timeout, no scheme check, redirects onThe URL comes from caller input (--link). No timeout, no scheme allowlist (so file:///gopher:///etc. are accepted by validators.url in older versions), redirects enabled, no response-size cap. A hostile link can target cloud metadata (http://169.254.169.254/) or hang the generator.
I'll open a PR shortly with a minimal hardening patch for the SSRF part (scheme allowlist, timeout=10, allow_redirects=False, raise_for_status()). The dependency bumps I can also PR if that'd help, but I suspect you may have your own preferred dep policy / testing approach.
Context: these findings came out of a security audit of UMMISCO/ecgtizer, which vendors ecg-image-generator for dataset generation. The fixes are already applied downstream there (issues #10, #13, #15).
Thanks for maintaining the project!
Hi — the pinned versions in
codes/ecg-image-generator/requirements.txthave accumulated known CVEs since the January 2024 release. Flagging them here in case you'd like to bump:requeststensorflowkeras.keras/.h5files loaded withsafe_mode=Falsescikit-learnvalidatorsHandwrittenText/generate.py:148which passes a user-provided URL tovalidators.url(link)opencv_pythonimread)scipyspacyimageiopillowAdditionally,
HandwrittenText/generate.py:150has an SSRF surface:The URL comes from caller input (
--link). No timeout, no scheme allowlist (sofile:///gopher:///etc. are accepted byvalidators.urlin older versions), redirects enabled, no response-size cap. A hostile link can target cloud metadata (http://169.254.169.254/) or hang the generator.I'll open a PR shortly with a minimal hardening patch for the SSRF part (scheme allowlist,
timeout=10,allow_redirects=False,raise_for_status()). The dependency bumps I can also PR if that'd help, but I suspect you may have your own preferred dep policy / testing approach.Context: these findings came out of a security audit of UMMISCO/ecgtizer, which vendors
ecg-image-generatorfor dataset generation. The fixes are already applied downstream there (issues #10, #13, #15).Thanks for maintaining the project!