It could be possible that there is no official, comprehensive vulnerability or CVE report for the latest Phoenix Server and UI directly available in the provided data sources. However, there are references to security practices and reporting procedures, and some closed issues related to security and dependency upgrades, but no explicit CVE list or vulnerability report is published for the latest version.
For reporting or learning about vulnerabilities, users are encouraged to follow coordinated disclosure by emailing opensource-security@arize.com, as described in the security policy. There are also references to upgrading dependencies (e.g., PostgreSQL) for security reasons, but no detailed CVE enumeration is present in the sources reviewed. Would you like more detail on how to monitor or report vulnerabilities for Phoenix?
Sources:
- <https://github.com/Arize-ai/phoenix/blob/main/packages/phoenix-evals/SECURITY|https://github.com/Arize-ai/phoenix/blob/main/packages/phoenix-evals/SECURITY>
- <https://github.com/Arize-ai/phoenix/blob/main/SECURITY.md|https://github.com/Arize-ai/phoenix/blob/main/SECURITY.md>
Note: I wasn鈥檛 able to find highly relevant data sources, but above are a few potentially relevant links.
