Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.”
Packages you depend on that have known security holes (CVEs).
CVE-2026-54906 concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service
CVE-2026-54904 concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Denial of Service due to infinite loop in AtomicReference#update
CVE-2026-54905 concurrent-ruby: Concurrent-ruby: Incorrect write lock granting leading to broken mutual exclusion
GHSA-5prr-v3j2-97mh Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
GHSA-5v8h-3h3q-446p Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
GHSA-8678-w3jw-xfc2 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
GHSA-9cv2-cfxc-v4v2 Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
GHSA-p67v-3w7g-wjg7 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
GHSA-phwj-rprq-35pp Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
GHSA-wfpw-mmfh-qq69 Nokogiri: Possible Use-After-Free in XInclude Processing
GHSA-wjv4-x9w8-wm3h Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
GHSA-6jxj-px6v-747w Deeply nested CSS blocks and functions can trigger a SystemStackError or excessive memory usage
GHSA-6wmf-3r64-vcwv Large numeric exponents cause CPU and memory denial of service
GHSA-8vfg-2r28-hvhj Non-ASCII characters cause superlinear CPU consumption
GHSA-wwpr-jff3-395c A large number of adjacent CSS comments can trigger a SystemStackError
GHSA-g9g8-vgvw-g3vf Possible invalid memory read when calling `Nokogiri::XML::Node#initialize_copy_with_args` with incorrect argument type
Your dependencies cross-checked against the OSV vulnerability database.
PYSEC-2026-348 h11 accepts some malformed Chunked-Encoding bodies
PYSEC-2022-183 Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
GHSA-h8w8-99g7-qmvj Concurrent Ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN`
GHSA-5prr-v3j2-97mh Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
GHSA-4c99-qj7h-p3vg nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
GHSA-7jqv-fw35-gmx9 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
GHSA-xm59-rqc7-hhvf nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
GHSA-847f-9342-265h h2 allows HTTP Request Smuggling due to illegal characters in headers
PYSEC-2024-60 A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings,
PYSEC-2026-215 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior
PYSEC-2023-206 NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.
GHSA-6wx8-w4f5-wwcr Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
GHSA-wv3x-4vxv-whpp Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
GHSA-5v8h-3h3q-446p Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
GHSA-8678-w3jw-xfc2 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
GHSA-9cv2-cfxc-v4v2 Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
GHSA-p67v-3w7g-wjg7 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
GHSA-phwj-rprq-35pp Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
GHSA-wfpw-mmfh-qq69 Nokogiri: Possible Use-After-Free in XInclude Processing
GHSA-wjv4-x9w8-wm3h Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.”
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.”