security: vulnerability remediation

[kernel-internal]

Vulnerability Remediation

This PR was generated by the Socket-centric vulnerability remediation workflow. Review the planned dependency changes and confirmation evidence before merging.

Fixed

CVE/GHSA	Package	Ecosystem	Old Version	New Version	Manifest	Confirmation
GHSA-537c-gmf6-5ccf	browser-use	None	0.11.1	0.12.3		confirmed

Not Included

• Deferred by batch limit: 103 advisories. They will be considered by future runs.
• Other deferred scanner findings: 8.
• Unconfirmed attempted fixes: 0.

Deferred details

CVE/GHSA	Package	Reason
Unavailable from detector	json-schema	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	float	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	entities	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	entities	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	hashes	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	cheerio	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	github.com/godbus/dbus/v5	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	authlib	Missing CVE/GHSA identifier required for Socket fix planning.

---

Note

Low Risk
Single dependency version bump in a sample template manifest with no logic changes; main risk is minor API/behavior differences between 0.11.x and 0.12.3 for the template app.

Overview
Addresses GHSA-537c-gmf6-5ccf in the python/browser-use Kernel sample template by tightening the browser-use dependency from >=0.11.1 to an exact ==0.12.3 pin in pyproject.toml.

No application code changes; consumers of this template get the patched browser-use release when dependencies are resolved (e.g. via uv lock / install).

^{Reviewed by Cursor Bugbot for commit 2cf9e9b. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pypi/​pillow@​12.1.1
	pypi/​google-genai@​1.55.0 ⏵ 1.65.0	-1
	pypi/​browser-use@​0.11.1 ⏵ 0.12.3	-10
	pypi/​openai@​2.12.0 ⏵ 2.16.0	+1
	pypi/​anthropic@​0.76.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: LiteLLM: Authentication Bypass via Host Header Injection CVE: GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection (CRITICAL) Affected versions: < 1.84.0 Patched version: 1.84.0 From: pkg/templates/python/browser-use/uv.lock → pypi/browser-use@0.12.3 → pypi/litellm@1.83.0 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/litellm@1.83.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: LiteLLM has SQL Injection in Proxy API key verification CVE: GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification (CRITICAL) Affected versions: >= 1.81.16 < 1.83.7 Patched version: 1.83.7 From: pkg/templates/python/browser-use/uv.lock → pypi/browser-use@0.12.3 → pypi/litellm@1.83.0 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/litellm@1.83.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: pypi browser-use is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pkg/templates/python/browser-use/pyproject.toml → pypi/browser-use@0.12.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/browser-use@0.12.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: pypi browser-use is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pkg/templates/python/browser-use/pyproject.toml → pypi/browser-use@0.12.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/browser-use@0.12.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: pypi litellm is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pkg/templates/python/browser-use/uv.lock → pypi/browser-use@0.12.3 → pypi/litellm@1.83.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/litellm@1.83.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: pypi litellm is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pkg/templates/python/browser-use/uv.lock → pypi/browser-use@0.12.3 → pypi/litellm@1.83.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/litellm@1.83.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: pypi litellm is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pkg/templates/python/browser-use/uv.lock → pypi/browser-use@0.12.3 → pypi/litellm@1.83.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/litellm@1.83.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: pypi litellm is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pkg/templates/python/browser-use/uv.lock → pypi/browser-use@0.12.3 → pypi/litellm@1.83.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/litellm@1.83.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[firetiger-agent]

Created a monitoring plan for this PR.

What this PR does: Patches a high-severity security vulnerability (GHSA-537c-gmf6-5ccf — vulnerable OpenSSL in cryptography wheels) in the CLI's browser-use sample app template. New projects scaffolded from this template will no longer include the affected dependency.

Intended effect: No production telemetry signal exists for CLI template usage — this is a template-only change with no deployed service. Confirmation is structural: the lockfile pins browser-use==0.12.3 and aiohttp==3.13.3, which resolve without the vulnerable OpenSSL transitive dependency. Manual validation (run uv sync + scaffold and execute the template) is the only applicable check.

Risks:

• browser-use API break — browser-use 0.11→0.12 may change Browser/Agent constructor signatures; alert if scaffolded template fails to run (ImportError or TypeError at startup)
• aiohttp 3.13.x incompatibility — transitive bump from 3.12.15 to 3.13.3; alert if uv sync fails or generated app raises aiohttp-related exceptions at startup
• lockfile resolution failure on edge Python versions — pinned wheels may be missing for some platforms; alert if uv sync errors on supported Python ≥3.11 runtimes

View monitor