Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.”
Packages you depend on that have known security holes (CVEs).
CVE-2025-32434 PyTorch is a Python package that provides tensor computation with stro ...
CVE-2026-1260 sentencepiece: Sentencepiece: Invalid memory access leading to potential arbitrary code execution via a crafted model file.
CVE-2024-31580 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...
CVE-2024-31583 Pytorch before version v2.2.0 was discovered to contain a use-after-fr ...
CVE-2025-2999 A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...
CVE-2025-3730 A vulnerability, which was classified as problematic, was found in PyT ...
CVE-2024-11392 transformers: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2024-11393 transformers: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2024-11394 transformers: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2024-12720 Transformers Regular Expression Denial of Service (ReDoS) vulnerability
CVE-2025-1194 Transformers Regular Expression Denial of Service (ReDoS) vulnerability
CVE-2025-2099 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3263 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3264 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-3933 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-5197 transformers: Transformers ReDoS Vulnerability
CVE-2025-6051 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-6638 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2025-6921 transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers
CVE-2026-1839 transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file
CVE-2025-2953 torch: PyTorch torch.mkldnn_max_pool2d denial of service
CVE-2025-3001 A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...
CVE-2024-3568 Transformers Deserialization of Untrusted Data vulnerability
CVE-2025-3777 transformers: Improper Input Validation in huggingface/transformers

Your dependencies cross-checked against the OSV vulnerability database.
PYSEC-2023-255 Command Injection in GitHub repository gradio-app/gradio prior to main.
PYSEC-2024-215 Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_
PYSEC-2024-219 Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `sha
PYSEC-2024-274 Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes th
PYSEC-2025-118 Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) f
PYSEC-2026-345 Gradio allows users to access arbitrary files
PYSEC-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
PYSEC-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command E
PYSEC-2026-457 Arbitrary Code Execution in Pillow
PYSEC-2023-249 Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 
PYSEC-2024-184 A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gra

Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.”
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.”