The Lab · 2026-03-25 22:27:24 · GitHub Issues
A critical security vulnerability, tracked as CVE-2026-33672, has been patched in the latest release of the picomatch library. The update to version 4.0.4 addresses a high-severity flaw that could be exploited in applications using the popular glob pattern matching library. This is not a routine dependency ...
The Lab · 2026-03-29 00:26:59 · GitHub Issues
A critical security vulnerability has been patched in the widely used Python `filelock` library, a core dependency for managing concurrent file access across thousands of open-source projects. The flaw, a Time-of-Check to Time-of-Use (TOCTOU) symlink vulnerability in the `SoftFileLock` class, could allow an...
The Lab · 2026-04-02 00:26:56 · GitHub Issues
A critical security update for the ubiquitous JavaScript utility library Lodash patches a newly disclosed prototype pollution vulnerability. The flaw, tracked as CVE-2026-2950, affects the `_.unset` and `_.omit` functions in versions 4.17.23 and earlier, allowing an attacker to bypass a previous fix and potentially man...