Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
Nothing found by this check. ✓
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-53q9-r3pm-6pq6 PyTorch: `torch.load` with `weights_only=True` leads to remote code executionGHSA-3f63-hfp8-52jq Arbitrary Code Execution in PillowGHSA-39mp-8hj3-5c49 Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+GHSA-jmh7-g254-2cq9 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config ProcessingGHSA-x84v-xcm2-53pg Insufficiently Protected Credentials in RequestsGHSA-hx9q-6w63-j58v orjson does not limit recursion for deeply nested JSON documentsGHSA-pwr2-4v36-6qpr orjson does not limit recursion for deeply nested JSON documentsGHSA-44wm-f244-xhp3 Pillow buffer overflow vulnerabilityGHSA-8ghj-p4vj-mr35 Pillow Denial of Service vulnerabilityGHSA-j7hp-h8jx-5ppr libwebp: OOB write in BuildHuffmanTableGHSA-3749-ghw9-m3mg PyTorch susceptible to local Denial of ServiceGHSA-h3h8-3v2v-rg7m Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session SecretPYSEC-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.PYSEC-2025-191 A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of servicePYSEC-2025-198 In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.PYSEC-2025-203 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.PYSEC-2025-204 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.PYSEC-2025-205 A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).PYSEC-2025-206 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().PYSEC-2025-207 A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).PYSEC-2025-208 A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a PYSEC-2025-209 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.PYSEC-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command EPYSEC-2026-139 A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be peGHSA-887c-mr87-cxwp PyTorch Improper Resource Shutdown or Release vulnerabilityCode that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
guarddog-pypi-code-execution code-execution match in numpy 1.26.4guarddog-pypi-exfiltrate-sensitive-data exfiltrate-sensitive-data match in torch 2.12.0guarddog-pypi-obfuscation obfuscation match in torch 2.12.0A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 2.7/10scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detectedscorecard-Code-Review Code-Review scored 0: Found 0/1 approved changesets -- score normalized to 0scorecard-Contributors Contributors scored 0: project has 0 contributing companies or organizations -- score normalized to 0scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detectedscorecard-Fuzzing Fuzzing scored 0: project is not fuzzedscorecard-Maintained Maintained scored 0: project was created within the last 90 days. Please review its contents carefullyscorecard-SAST SAST scored 0: no SAST tool detected