Pattern: Use of insecure MD4/MD5 hash function in hashlib.new()
Issue: -
hashlib.new() provides the ability to construct a new hashing object using the named algorithm. This can be used to create insecure hash functions like MD4 and MD5 if they are passed as algorithm names to this function.
MD4 and MD5 are no longer considered secure. Note that this might not be a problem for some use cases like checking file integrity. However, if you want to be be sure, switch to another hashing algorithm.