The window between disclosure and weaponisation has collapsed.

Anthropic's Project Glasswing revealed that Claude Mythos Preview autonomously found thousands of zero-days across every major OS and browser — including a 27-year-old remote crash in OpenBSD that survived decades of human review and millions of fuzzer runs. Similar capabilities will arrive from other labs. They won't all be aimed at defence.

On the defensive side, the slowest manual step is no longer finding information on the vulnerability — OSV, NVD and libraries.io already surface that in seconds. It's answering the follow-up question: "given this CVE, in this project, what's the lowest-risk change I can make?" That question still eats hours of senior-engineer time per incident, and it's the one Changes AI exists to minimise.

Changes AI slashes the time to remediate.

Given a repo or a source folder, it produces a ranked set of remediation paths — each scored for exposure risk (how long you stay vulnerable) and breakage risk (how likely the upgrade is to break your application).

Yes, AI is what's making this necessary. Yes, AI is what Changes AI uses to help fix it. Irony noted and embraced.
01. Point it at a repo or source folder: a GitHub URL or a local site-packages path.
02. Get a full version map: every package — pinned, outdated, unknown — in one table.
03. CVE scanning with severity flags: severity-aware output and CI-ready exit codes, backed by OSV.
04. Package usage analysis: determine whether your application actually uses the vulnerable functionality.
05. LLM-backed impact assessment: a structured impact report covering the changes that intersect your usage, the risks, a confidence level, and cited evidence.
06. Remediation planner: a ranked list of remediation paths, each scored on exposure risk and breakage risk.

Version Mapping

=== Version Mapping ===
Package                   Installed  Requirement  Latest  Status
openai                    2.6.1      unpinned     2.32.0  ⚠ outdated
python-dotenv             1.2.1      unpinned     1.2.2   ⚠ outdated
PyYAML                    6.0.3      unpinned     6.0.3   ✓ up-to-date
pyoslog                   1.2.0      unpinned     1.2.0   ✓ up-to-date
bandit                    1.8.6      >=1.7.5      1.9.4   ⚠ outdated
flask                     3.1.2      >=3.0.0      3.1.3   ⚠ outdated
flask-cors                6.0.1      >=4.0.0      6.0.2   ⚠ outdated
flask-socketio            5.5.1      >=5.3.0      5.6.1   ⚠ outdated
python-socketio           5.14.3     >=5.11.0     5.16.1  ⚠ outdated
sphinx                    8.2.3      >=7.0.0      9.1.0   ⚠ outdated
sphinx-rtd-theme          3.0.2      >=1.3.0      3.1.0   ⚠ outdated
sphinx-autodoc-typehints  3.5.2      >=1.24.0     3.10.2  ⚠ outdated
myst-parser               4.0.1      >=2.0.0      5.0.0   ⚠ outdated
breathe                   4.36.0     >=4.35.0     4.36.0  ✓ up-to-date
sphinxcontrib-mermaid     1.0.0      >=0.9.2      2.0.1   ⚠ outdated
Outdated: 12 · OK: 3

CVE Scan

=== CVE Scan (LOW+) ===
Package        Installed  CVE / ID             Sev       Fixed In
urllib3        2.5.0      GHSA-2xpw-w6gg-jr37  ⚠ HIGH    2.6.0
urllib3        2.5.0      GHSA-38jv-5279-wg99  ⚠ HIGH    2.6.3
urllib3        2.5.0      GHSA-gm62-xv2j-4w53  ⚠ HIGH    2.6.0
black          25.9.0     GHSA-3936-cmfr-pm3m  ⚠ HIGH    26.3.1
python-dotenv  1.2.1      GHSA-mf9w-mj56-hr94  ● MEDIUM  1.2.2
requests       2.32.5     GHSA-gc5v-m9x4-r6x2  ● MEDIUM  2.33.0
Werkzeug       3.1.3      GHSA-29vq-49wr-vm6x  ● MEDIUM  3.1.6
Werkzeug       3.1.3      GHSA-87hc-h4r5-73f7  ● MEDIUM  3.1.5
Werkzeug       3.1.3      GHSA-hgf8-39gv-g3f2  ● MEDIUM  3.1.4
pytest         8.4.2      GHSA-6w46-j5rx-g56g  ● MEDIUM  9.0.3
filelock       3.20.0     GHSA-qmgc-5h2g-mvrw  ● MEDIUM  3.20.3
filelock       3.20.0     GHSA-w853-jp5j-5j7f  ● MEDIUM  3.20.1
virtualenv     20.35.4    GHSA-597g-3phw-6986  ● MEDIUM  20.36.1
flask          3.1.2      GHSA-68rp-wp8r-4726  ○ LOW     3.1.3
pip            25.3       GHSA-6vgw-5pg2-w6jp  ○ LOW     26.0
Pygments       2.19.2     GHSA-5239-wwwm-4pmq  ○ LOW     2.20.0
HIGH: 4 · MEDIUM: 9 · LOW: 3

Usage Analysis

=== Usage Analysis ===
Package          Symbols used
PyGithub         Github, GithubException, UnknownObjectException
PyYAML           yaml
aiofiles         aiofiles
click            click
croniter         croniter
defusedxml       ET
sqlcipher3       sqlcipher3, sqlite3
openai           AsyncOpenAI, ChatCompletionMessageParam
httpx            _httpx, httpx
huggingface_hub  hf_hub_download
keyring          keyring
mcp              ClientSession, OAuthClientInformationFull
numpy            np
pillow           Image, ImageEnhance
pandas           pd
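The usage table above is the kind of output a static import walk produces. As an added example (not Changes AI's own analyser), the function below walks a module's AST with Python's `ast`, records which names are bound from each imported distribution, and flags the two cases a static walk cannot resolve and therefore has to treat as "fully used": `from pkg import *` and dynamic imports such as `importlib.import_module("...")`. The sample source, the `DIST_NAMES` import-name to distribution-name mapping, and the `analyse_usage` name are all constructed for this example.

```python
import ast
from collections import defaultdict

# Constructed sample module standing in for one file of the scanned project.
SAMPLE_SOURCE = """
import yaml
import numpy as np
import httpx as _httpx, httpx
from flask import Flask, jsonify, render_template
from PIL import Image, ImageEnhance
from pytest import *
import importlib
backend = importlib.import_module("keyring")
"""

# Assumed import-name -> distribution-name mapping for packages where the two differ.
DIST_NAMES = {"yaml": "PyYAML", "PIL": "pillow"}
DYNAMIC_IMPORTERS = {"import_module", "__import__"}


def analyse_usage(source: str):
    """Return ({distribution: {bound names}}, {distributions assumed fully used})."""
    used = defaultdict(set)
    unresolved = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                top = alias.name.split(".")[0]
                used[DIST_NAMES.get(top, top)].add(alias.asname or top)
        elif isinstance(node, ast.ImportFrom) and node.module:
            top = node.module.split(".")[0]
            dist = DIST_NAMES.get(top, top)
            for alias in node.names:
                if alias.name == "*":
                    unresolved.add(dist)  # star import: symbol set is unknowable statically
                else:
                    used[dist].add(alias.asname or alias.name)
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
            if name in DYNAMIC_IMPORTERS and node.args and isinstance(node.args[0], ast.Constant):
                unresolved.add(str(node.args[0].value))  # dynamic import: assume fully used
    return dict(used), unresolved


if __name__ == "__main__":
    symbols, unknown = analyse_usage(SAMPLE_SOURCE)
    for dist, names in sorted(symbols.items()):
        print(f"{dist:12} {', '.join(sorted(names))}")
    for dist in sorted(unknown):
        print(f"{dist:12} unresolved usage (star/dynamic import), assumed fully used")
```

Relative imports (`from . import x`) are skipped because they are project-internal, and a dynamic import whose module name is not a string literal is simply not seen, which is the limit of any purely static analysis.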

Impact Analysis

=== Impact Analysis ===
Package   Upgrade          Delta  Risk             Confidence
flask     3.1.2 → 3.1.3    patch  ○ LOW (0.05)     ✓ HIGH
  The CVE record shows versions <3.1.3 are affected and 3.1.3 is the fixed release. Moving from 3.1.2 to 3.1.3 is a patch-level update focused on security/bug fixes; no API removals or signature changes are documented. The project's used symbols (Flask, jsonify, render_template, request, send_from_directory) are stable across patch releases.
requests  2.32.5 → 2.33.0  minor  ○ LOW (0.15)     ✓ HIGH
  The release 2.33.0 is marked as fixing GHSA-gc5v-m9x4-r6x2 and is a minor version bump from 2.32.5. No project symbols use requests, so there is no direct usage surface that could be impacted by internal API changes.
urllib3   2.5.0 → 2.6.0    minor  ○ LOW (0.08)     ~ MEDIUM
  Upgrading from 2.5.0 to 2.6.0 is a minor release that fixes multiple HIGH severity CVEs (GHSA-2xpw-w6gg-jr37 and GHSA-gm62-xv2j-4w53 are fixed in 2.6.0). One listed vulnerability (GHSA-38jv-5279-wg99) is fixed in 2.6.3, so 2.6.0 will not remediate that issue. No project usage symbols were provided, so the risk of breaking consumer code is judged low but not zero.
black     25.9.0 → 26.3.1  major  ✓ NONE (0.05)    ✓ HIGH
  The provided usage_symbols list is empty, indicating the project does not import or call black programmatically. The CVE GHSA-3936-cmfr-pm3m is fixed in 26.3.1, so upgrading addresses the vulnerability with negligible runtime breakage risk.
Werkzeug  3.1.3 → 3.1.8    patch  ○ LOW (0.10)     ✓ HIGH
  All listed vulnerabilities are fixed in intermediate 3.1.x releases (3.1.4–3.1.6) so moving from 3.1.3 to 3.1.8 remedies them. No project symbols were reported as used, and the version change is a patch bump, indicating low likelihood of breakage.
pytest    8.4.2 → 9.0.3    major  ⚠ MEDIUM (0.45)  ~ MEDIUM
  ⚠ Unresolved usage (star/dynamic import) — assumed fully used.
  • API changes affecting your usage:
    [behaviour] pytest: Major release may remove previously deprecated internal APIs and change default test collection/CLI/configuration behaviour; importing the package remains, but runtime behaviour (collection, plugin loading, default options) can differ.
  Moving from 8.4.2 to 9.0.3 is a major release likely removing deprecated internals and changing plugin/CLI behavior. The project imports 'pytest', so there is a moderate risk of breakage dependent on how pytest APIs or plugins are used.

Remediation Planner

=== Remediation Plan ===
3 path(s) generated: minimum breakage 3/17 · maximum coverage 16/17 · balanced 8/17.
1. [Minimum Breakage]  Exposure: 0.54  Breakage: 0.15  Confidence: ~ MEDIUM
This path performs a single upgrade (urllib3 → 2.6.3) that addresses all high-severity issues while keeping probable breakage low. It is the smallest change that materially reduces the most critical exposure. The known pip CVE has no available fix and remains in cves_no_fix; consider runtime hardening or replacing/pinning pip usage where possible.
urllib3  2.5.0 → 2.6.3  (fixes GHSA-2xpw-w6gg-jr37, GHSA-38jv-5279-wg99, GHSA-gm62-xv2j-4w53)
Resolves:   GHSA-2xpw-w6gg-jr37, GHSA-38jv-5279-wg99, GHSA-gm62-xv2j-4w53
Open:       GHSA-29vq-49wr-vm6x, GHSA-3936-cmfr-pm3m, GHSA-5239-wwwm-4pmq, GHSA-597g-3phw-6986, GHSA-68rp-wp8r-4726, GHSA-6vgw-5pg2-w6jp, GHSA-6w46-j5rx-g56g, GHSA-87hc-h4r5-73f7, GHSA-gc5v-m9x4-r6x2, GHSA-hgf8-39gv-g3f2, GHSA-mf9w-mj56-hr94, GHSA-qmgc-5h2g-mvrw, GHSA-w853-jp5j-5j7f
No fix:     GHSA-58qw-9mgm-455v
2. [Maximum Coverage]  Exposure: 0.04  Breakage: 0.50  Confidence: ~ MEDIUM
This path upgrades every package for which a fixed candidate exists, resolving the largest number of CVEs. It accepts higher breakage (notably pytest's major upgrade) to minimize exposure across the board. The pip CVE without a fix remains and should be mitigated by pinning, isolating pip usage, or applying runtime/workflow mitigations.
python-dotenv  1.2.1 → 1.2.2      (fixes GHSA-mf9w-mj56-hr94)
flask          3.1.2 → 3.1.3      (fixes GHSA-68rp-wp8r-4726)
requests       2.32.5 → 2.33.0    (fixes GHSA-gc5v-m9x4-r6x2)
urllib3        2.5.0 → 2.6.3      (fixes GHSA-2xpw-w6gg-jr37, GHSA-38jv-5279-wg99, GHSA-gm62-xv2j-4w53)
pip            25.3 → 26.0        (fixes GHSA-6vgw-5pg2-w6jp)
black          25.9.0 → 26.3.1    (fixes GHSA-3936-cmfr-pm3m)
Werkzeug       3.1.3 → 3.1.8      (fixes GHSA-29vq-49wr-vm6x, GHSA-87hc-h4r5-73f7, GHSA-hgf8-39gv-g3f2)
pytest         8.4.2 → 9.0.3      (fixes GHSA-6w46-j5rx-g56g)
Pygments       2.19.2 → 2.20.0    (fixes GHSA-5239-wwwm-4pmq)
filelock       3.20.0 → 3.29.0    (fixes GHSA-qmgc-5h2g-mvrw, GHSA-w853-jp5j-5j7f)
virtualenv     20.35.4 → 20.36.1  (fixes GHSA-597g-3phw-6986)
Resolves:   GHSA-29vq-49wr-vm6x, GHSA-2xpw-w6gg-jr37, GHSA-38jv-5279-wg99, GHSA-3936-cmfr-pm3m, GHSA-5239-wwwm-4pmq, GHSA-597g-3phw-6986, GHSA-68rp-wp8r-4726, GHSA-6vgw-5pg2-w6jp, GHSA-6w46-j5rx-g56g, GHSA-87hc-h4r5-73f7, GHSA-gc5v-m9x4-r6x2, GHSA-gm62-xv2j-4w53, GHSA-hgf8-39gv-g3f2, GHSA-mf9w-mj56-hr94, GHSA-qmgc-5h2g-mvrw, GHSA-w853-jp5j-5j7f
No fix:     GHSA-58qw-9mgm-455v
3. [Balanced]  Exposure: 0.24  Breakage: 0.15  Confidence: ~ MEDIUM
This plan targets high-severity issues and low-risk patch/minor upgrades to reduce exposure while keeping probable breakage moderate. It avoids higher-risk major upgrades (e.g., pytest) but includes low-impact fixes (black, requests, python-dotenv, urllib3) to get good coverage for little disruption. The pip CVE without a fix remains; mitigate by limiting automated pip operations, pinning or isolating pip in CI/runtime.
urllib3        2.5.0 → 2.6.3    (fixes GHSA-2xpw-w6gg-jr37, GHSA-38jv-5279-wg99, GHSA-gm62-xv2j-4w53)
black          25.9.0 → 26.3.1  (fixes GHSA-3936-cmfr-pm3m)
requests       2.32.5 → 2.33.0  (fixes GHSA-gc5v-m9x4-r6x2)
python-dotenv  1.2.1 → 1.2.2    (fixes GHSA-mf9w-mj56-hr94)
Werkzeug       3.1.3 → 3.1.4    (fixes GHSA-hgf8-39gv-g3f2)
filelock       3.20.0 → 3.20.1  (fixes GHSA-w853-jp5j-5j7f)
Resolves:   GHSA-2xpw-w6gg-jr37, GHSA-38jv-5279-wg99, GHSA-3936-cmfr-pm3m, GHSA-gc5v-m9x4-r6x2, GHSA-gm62-xv2j-4w53, GHSA-hgf8-39gv-g3f2, GHSA-mf9w-mj56-hr94, GHSA-w853-jp5j-5j7f
Open:       GHSA-29vq-49wr-vm6x, GHSA-5239-wwwm-4pmq, GHSA-597g-3phw-6986, GHSA-68rp-wp8r-4726, GHSA-6vgw-5pg2-w6jp, GHSA-6w46-j5rx-g56g, GHSA-87hc-h4r5-73f7, GHSA-qmgc-5h2g-mvrw
No fix:     GHSA-58qw-9mgm-455v
=== No Fix Available ===
GHSA-58qw-9mgm-455v (MEDIUM) in pip — no fix version known. Consider replacing, pinning below the affected range, or accepting the risk.
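To make the exposure/breakage trade-off above concrete, here is an added toy planner (not Changes AI's own scoring model) that ranks upgrade sets the same three ways: fix every HIGH with the fewest upgrades, fix everything, or take only upgrades under a per-upgrade breakage threshold. Exposure is the severity-weighted share of fixable advisories a path leaves open; breakage is the probability that at least one chosen upgrade breaks the application. The severity weights, the per-upgrade breakage figures, the selection rules and the function names are assumptions; the package and advisory data is a subset of the tables above, and an advisory with no fixed version is carried on every path rather than silently dropped.

```python
from dataclasses import dataclass
from math import prod

SEVERITY_WEIGHT = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}   # assumed weights

@dataclass(frozen=True)
class Upgrade:
    package: str
    target: str
    fixes: tuple      # ((advisory id, severity), ...)
    breakage: float   # assumed P(this upgrade breaks the application)

# Constructed subset of the CVE scan / impact tables above; breakage values are illustrative.
CANDIDATES = (
    Upgrade("urllib3", "2.6.3", (("GHSA-2xpw-w6gg-jr37", "HIGH"), ("GHSA-38jv-5279-wg99", "HIGH"), ("GHSA-gm62-xv2j-4w53", "HIGH")), 0.08),
    Upgrade("black", "26.3.1", (("GHSA-3936-cmfr-pm3m", "HIGH"),), 0.05),
    Upgrade("Werkzeug", "3.1.8", (("GHSA-29vq-49wr-vm6x", "MEDIUM"), ("GHSA-87hc-h4r5-73f7", "MEDIUM"), ("GHSA-hgf8-39gv-g3f2", "MEDIUM")), 0.10),
    Upgrade("requests", "2.33.0", (("GHSA-gc5v-m9x4-r6x2", "MEDIUM"),), 0.15),
    Upgrade("pytest", "9.0.3", (("GHSA-6w46-j5rx-g56g", "MEDIUM"),), 0.45),
    Upgrade("flask", "3.1.3", (("GHSA-68rp-wp8r-4726", "LOW"),), 0.05),
)
NO_FIX = ("GHSA-58qw-9mgm-455v",)   # pip advisory with no fixed version: reported on every path

def exposure(chosen, candidates=CANDIDATES):
    """Weighted share of fixable advisories a path leaves open (0.0 = all fixed)."""
    total = sum(SEVERITY_WEIGHT[s] for u in candidates for _, s in u.fixes)
    done = sum(SEVERITY_WEIGHT[s] for u in chosen for _, s in u.fixes)
    return round(1 - done / total, 2)

def breakage(chosen):
    """Probability that at least one chosen upgrade breaks the application."""
    return round(1 - prod(1 - u.breakage for u in chosen), 2)

def plan_paths(candidates=CANDIDATES, max_breakage=0.20):
    """Minimum breakage: only upgrades that close a HIGH advisory.
    Maximum coverage: every upgrade with a fixed version.
    Balanced: every upgrade whose own breakage risk is at or below max_breakage."""
    paths = {
        "minimum breakage": [u for u in candidates if any(s == "HIGH" for _, s in u.fixes)],
        "maximum coverage": list(candidates),
        "balanced": [u for u in candidates if u.breakage <= max_breakage],
    }
    return {name: {"upgrades": [f"{u.package} -> {u.target}" for u in chosen],
                   "exposure": exposure(chosen, candidates),
                   "breakage": breakage(chosen),
                   "no_fix": list(NO_FIX)}
            for name, chosen in paths.items()}
```

Because the breakage figure is a probability of any failure, adding even low-risk upgrades pushes it up steadily, which is why the balanced path excludes pytest's major bump here but still pays a noticeably higher breakage score than the HIGH-only path.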