Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2024-12224 idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded
GHSA-82j2-j2ch-gfr8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRING
GHSA-pwjx-qhcg-rvj4 webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic
GHSA-965h-392x-2mh5 webpki: Name constraints for URI names were incorrectly accepted
GHSA-xgp8-3hg3-c2mh webpki: Name constraints were accepted for certificates asserting a wildcard name
GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()
Your dependencies cross-checked against the OSV vulnerability database.
RUSTSEC-2024-0421 `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
GHSA-h395-gr6q-cpjc jsonwebtoken has Type Confusion that leads to potential authorization bypass
RUSTSEC-2025-0009 Some AES functions may panic when overflow checking is enabled.
RUSTSEC-2026-0049 CRLs not considered authoritative by Distribution Point due to faulty matching logic
RUSTSEC-2026-0104 Reachable panic in certificate revocation list parsing
RUSTSEC-2026-0185 Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
GHSA-8c75-8mhr-p7r9 rust-openssl has incorrect bounds assertion in aes key wrap
GHSA-ghm9-cr32-g9qj rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check
GHSA-hppc-g8h3-xhp3 rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
GHSA-phqj-4mhp-q6mq rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
GHSA-pqf5-4pqq-29f5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
GHSA-xp3w-r5p5-63rr rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
GHSA-xv59-967r-8726 rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
RUSTSEC-2026-0098 Name constraints for URI names were incorrectly accepted
RUSTSEC-2026-0099 Name constraints were accepted for certificates asserting a wildcard name
GHSA-xmgf-hq76-4vx2 rust-openssl has an Out-of-bounds read in PEM password callback when returning an oversized length
RUSTSEC-2025-0010 Versions of *ring* prior to 0.17 are unmaintained.
RUSTSEC-2025-0134 rustls-pemfile is unmaintained
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
Maintenance & supply-chain hygiene.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
scorecard-overall OpenSSF Scorecard overall: 6.5/10
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected