Advisories for Pypi/Products.kupu package

An incorrect kupu security declaration would allow any authenticated user to edit kupu settings.