Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.”
Packages you depend on that have known security holes (CVEs).
CVE-2026-25541 Bytes is a utility library for working with bytes. From version 1.2.1 ...
CVE-2026-41676 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-41678 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-41681 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-41898 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-42327 rust-openssl: rust-openssl: Arbitrary code execution via specially crafted certificate
CVE-2026-44662 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-45784 rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
GHSA-82j2-j2ch-gfr8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRING
GHSA-pwjx-qhcg-rvj4 webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic
CVE-2026-41677 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
GHSA-965h-392x-2mh5 webpki: Name constraints for URI names were incorrectly accepted
GHSA-xgp8-3hg3-c2mh webpki: Name constraints were accepted for certificates asserting a wildcard name
GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()

Your dependencies cross-checked against the OSV vulnerability database.
RUSTSEC-2026-0007 Integer overflow in `BytesMut::reserve`
GHSA-8c75-8mhr-p7r9 rust-openssl has incorrect bounds assertion in aes key wrap
GHSA-ghm9-cr32-g9qj rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check
GHSA-hppc-g8h3-xhp3 rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
GHSA-phqj-4mhp-q6mq rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
GHSA-pqf5-4pqq-29f5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
GHSA-xp3w-r5p5-63rr rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
GHSA-xv59-967r-8726 rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
RUSTSEC-2026-0049 CRLs not considered authoritative by Distribution Point due to faulty matching logic
RUSTSEC-2026-0104 Reachable panic in certificate revocation list parsing
GHSA-xmgf-hq76-4vx2 rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length
RUSTSEC-2026-0098 Name constraints for URI names were incorrectly accepted
RUSTSEC-2026-0099 Name constraints were accepted for certificates asserting a wildcard name
RUSTSEC-2026-0190 Unsoundness in `Error::downcast_mut()`
RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`

Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 5.1/10
scorecard-CI-Tests CI-Tests scored 0: 0 out of 6 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
scorecard-Signed-Releases Signed-Releases scored 0: Project has not signed or included provenance with any releases.