PyPI: nextflow

CVE-2023-6481

Safety vulnerability ID: SFTY-20231204-32071

Safety legacy ID: pyup.io-73000

Nextflow has updated its Logback dependency from version 1.4.12 to 1.4.14 to address CVE-2023-6481. Note: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.

PythonPyPINVDNVD
Created at: May 22, 2026Updated at: May 22, 2026

Overview

Nextflow has updated its Logback dependency from version 1.4.12 to 1.4.14 to address CVE-2023-6481. Note: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.

Advisory

Nextflow has updated its Logback dependency from version 1.4.12 to 1.4.14 to address CVE-2023-6481. Note: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.

Affected Package

Affecting nextflow package, versions
<24.04.0

Also affects

---

How to Fix

Upgrade
nextflow
to
24.4.1
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more