Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
Your dependencies cross-checked against the OSV vulnerability database.
CVE-2021-23445 datatables.net: contents of array not escaped by HTML escape entities function
GHSA-3f63-hfp8-52jq Arbitrary Code Execution in Pillow
PYSEC-2023-227 An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of
PYSEC-2026-165 Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer
GHSA-44wm-f244-xhp3 Pillow buffer overflow vulnerability
GHSA-j7hp-h8jx-5ppr libwebp: OOB write in BuildHuffmanTable
GHSA-r73j-pqj5-w3x7 Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
GHSA-968p-4wvh-cqc8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
GHSA-h73q-5wmj-q8pj Cross site scripting in datatables.net
GHSA-h67p-54hq-rp68 JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
GHSA-c2qf-rxjj-qqgw semver vulnerable to Regular Expression Denial of Service
GHSA-4x5r-pxfx-6jf8 @babel/core: Arbitrary File Read via sourceMappingURL Comment
PYSEC-2023-175 Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
PYSEC-2023-102 A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.
PYSEC-2023-114 ** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.”
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-overall OpenSSF Scorecard overall: 8.4/10