1 issue left for the package maintainer to handle:
CVE-2022-40023:
(needs triaging)
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.