Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

Packages you depend on that have known security holes (CVEs).
CVE-2019-20477 PyYAML: command execution through python/object/apply constructor in FullLoader
CVE-2020-14343 PyYAML: incomplete fix for CVE-2020-1747
CVE-2020-1747 PyYAML: arbitrary command execution through python/object/new when FullLoader is used
CVE-2024-4068 braces: fails to limit the number of characters it can handle
CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports
CVE-2025-13465 lodash: prototype pollution in _.unset and _.omit functions
CVE-2026-2950 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass
CVE-2022-24785 Moment.js: Path traversal in moment.locale
CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header
CVE-2023-32681 python-requests: Unintended leak of Proxy-Authorization header
CVE-2024-35195 requests: subsequent requests to the same host ignore cert verification
CVE-2024-47081 requests: Requests vulnerable to .netrc credentials leak via malicious URLs
CVE-2026-25645 requests: Requests: Security bypass due to predictable temporary file creation
CVE-2024-9506 vue: Regular Expression Denial of Service (ReDoS)
CVE-2026-27205 flask: Flask: Information disclosure via improper caching of session data

Your dependencies cross-checked against the OSV vulnerability database.
GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
GHSA-cpq7-6gpm-g9rc cipher-base is missing type checks, leading to hash rewind and passing on crafted data
GHSA-phwq-j96m-2c2q ejs template injection vulnerability
GHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
GHSA-6h5x-7c5m-7cr7 Exposure of Sensitive Information in eventsource
GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary
GHSA-896r-f27r-55mw json-schema is vulnerable to Prototype Pollution
GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils
GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils
GHSA-xvch-5gv4-984h Prototype Pollution in minimist
GHSA-h7cp-r72f-jxh6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
GHSA-v62p-rq8g-8h59 pbkdf2 silently disregards Uint8Array input, returning static keys
GHSA-95m3-7q98-8xr5 sha.js is missing type checks leading to hash rewind and passing on crafted data
GHSA-w7jw-789q-3m8p shell-quote quote() does not escape newlines in object .op values
GHSA-hgjh-723h-mx2j Authorization Bypass Through User-Controlled Key in url-parse
PYSEC-2020-176 PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue ex
PYSEC-2020-96 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method o
PYSEC-2021-142 A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or
GHSA-968p-4wvh-cqc8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
GHSA-fv7c-fp4j-7gwp @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input
GHSA-968p-4wvh-cqc8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
GHSA-2g4f-4pwh-qvx6 ajv has ReDoS when using `$data` option
GHSA-whgm-jr23-g3j9 Uncontrolled Resource Consumption in ansi-html
GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex
GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex

Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.”