## https://sploitus.com/exploit?id=71DC4556-9DC5-58A0-90E4-A78A2EE8840C
# Dependabot pip-updater: case-sensitive advisory name match (PoC)
Minimal reproduction for a Dependabot bug where security advisories whose
`dependency-name` casing differs from the PEP 503-normalized lockfile entry
are silently skipped.
Concrete instance: **GHSA-2h4p-vjrc-8xpq / CVE-2026-44307** โ Mako path
traversal, affects `Mako = 1.3.12` in
`pyproject.toml` and run `poetry lock`. The fix in the lockfile makes the
advisory non-applicable, so the matcher's case bug stops mattering for
this specific advisory.