WhisperX tag archive

#transitive dependency

This page collects WhisperX intelligence signals tagged #transitive dependency. Each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-04-06 07:27:10 · GitHub Issues

1. CVE-2026-4539: Local ReDoS in Pygments' AdlLexer Poses Transitive Dependency Risk

A newly disclosed vulnerability, CVE-2026-4539, exposes a local attack vector within the widely used Python syntax highlighter, Pygments. The flaw is a ReDoS (Regular Expression Denial-of-Service) vulnerability located specifically in the `AdlLexer` component within `pygments/lexers/archetype.py`. Critically, exploitat...

The Lab · 2026-04-24 20:54:09 · GitHub Issues

2. Spring Boot Thymeleaf Starter 2.7.1 Harbors Critical RCE Flaws With Reachable Exploit Path

A WhiteSource security scan has flagged the spring-boot-starter-thymeleaf library at version 2.7.1 as containing five distinct vulnerabilities, with the highest carrying a CVSS score of 9.0—placing it firmly in critical territory. The scan, triggered on a Maven project dependency file, identified the vulnerable artifac...