Advisories for Pypi/Websockets package

The aaugustin websockets library for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled. An attacker may be able to guess a password via a timing attack.

websockets improperly handles highly compressed data in Servers and clients unless configured with compression=None. This vulnerability can result in a Denial of Service by memory exhaustion.