gitsafehub
github.com/hindupuravinash/the-gan-zoo

hindupuravinash/the-gan-zoo

scanned 2026-06-27 · git 375f2be
2 of 6 checks flagged a security issue
🔴 Needs attention
Only 5 of 6 checks finished — treat this as provisional.

Informational scan, not a security audit.

Summary: Leaked secrets · Vulnerable dependencies 73 · Known OSS vulnerabilities 130 · Risky code patterns · Malicious dependencies · Project health 8

Security checks

Leaked secrets — Gitleaks none found ✓

API keys, passwords or tokens committed into the repo.

Nothing found by this check. ✓

via Gitleaks v8.21.2 · MIT

Vulnerable dependencies — Trivy 73 found · 8 serious

Packages you depend on that have known security holes (CVEs).

  • Serious CVE-2020-11538 python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-11538). Fix: Update that package to its patched version.
  • Serious CVE-2020-5310 python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-5310). Fix: Update that package to its patched version.
  • Serious CVE-2020-5311 python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-5311). Fix: Update that package to its patched version.
  • Serious CVE-2020-5312 python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-5312). Fix: Update that package to its patched version.
  • Serious CVE-2021-25289 python-pillow: insufficient fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c
    requirements.txt
    A package you depend on has a known security hole (CVE-2021-25289). Fix: Update that package to its patched version.
  • Serious CVE-2021-34552 python-pillow: Buffer overflow in image convert function
    requirements.txt
    A package you depend on has a known security hole (CVE-2021-34552). Fix: Update that package to its patched version.
  • Serious CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
    requirements.txt
    A package you depend on has a known security hole (CVE-2022-22817). Fix: Update that package to its patched version.
  • Serious CVE-2023-50447 pillow: Arbitrary Code Execution via the environment parameter
    requirements.txt
    A package you depend on has a known security hole (CVE-2023-50447). Fix: Update that package to its patched version.
  • Worth fixing CVE-2019-10906 python-jinja2: str.format_map allows sandbox escape
    requirements.txt
    A package you depend on has a known security hole (CVE-2019-10906). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-28493 python-jinja2: ReDoS vulnerability in the urlize filter
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-28493). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-22195 jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
    requirements.txt
    A package you depend on has a known security hole (CVE-2024-22195). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-34064 jinja2: accepts keys containing non-attribute characters
    requirements.txt
    A package you depend on has a known security hole (CVE-2024-34064). Fix: Update that package to its patched version.
  • Worth fixing CVE-2024-56326 jinja2: Jinja has a sandbox breakout through indirect reference to format method
    requirements.txt
    A package you depend on has a known security hole (CVE-2024-56326). Fix: Update that package to its patched version.
  • Worth fixing CVE-2025-27516 jinja2: Jinja sandbox breakout through attr filter selecting format method
    requirements.txt
    A package you depend on has a known security hole (CVE-2025-27516). Fix: Update that package to its patched version.
  • Worth fixing CVE-2019-16865 python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service
    requirements.txt
    A package you depend on has a known security hole (CVE-2019-16865). Fix: Update that package to its patched version.
  • Worth fixing CVE-2019-19911 python-pillow: uncontrolled resource consumption in FpxImagePlugin.py
    requirements.txt
    A package you depend on has a known security hole (CVE-2019-19911). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-10177 python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-10177). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-10378 python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-10378). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-10379 python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-10379). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-10994 python-pillow: multiple out-of-bounds reads via a crafted JP2 file
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-10994). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-35653 python-pillow: Buffer over-read in PCX image reader
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-35653). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-35654). Fix: Update that package to its patched version.
  • Worth fixing CVE-2020-5313 python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images
    requirements.txt
    A package you depend on has a known security hole (CVE-2020-5313). Fix: Update that package to its patched version.
  • Worth fixing CVE-2021-23437 python-pillow: possible ReDoS via the getrgb function
    requirements.txt
    A package you depend on has a known security hole (CVE-2021-23437). Fix: Update that package to its patched version.
  • Worth fixing CVE-2021-25287 python-pillow: Out-of-bounds read in J2K image reader
    requirements.txt
    A package you depend on has a known security hole (CVE-2021-25287). Fix: Update that package to its patched version.
… 48 more not shown

via Trivy v0.70.0 · Apache-2.0

Known OSS vulnerabilities — OSV-Scanner 130 found · 23 serious

Your dependencies cross-checked against the OSV vulnerability database.

  • Serious PYSEC-2020-80 In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2020-11538). Fix: Update that package to its patched version.
  • Serious PYSEC-2020-81 libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2020-5310). Fix: Update that package to its patched version.
  • Serious PYSEC-2020-82 libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2020-5311). Fix: Update that package to its patched version.
  • Serious PYSEC-2020-83 libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2020-5312). Fix: Update that package to its patched version.
  • Serious PYSEC-2021-137 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2021-25287). Fix: Update that package to its patched version.
  • Serious PYSEC-2021-138 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2021-25288). Fix: Update that package to its patched version.
  • Serious PYSEC-2021-331 Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2021-34552). Fix: Update that package to its patched version.
  • Serious PYSEC-2021-35 An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOT
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2021-25289). Fix: Update that package to its patched version.
  • Serious PYSEC-2022-10 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2022-22817). Fix: Update that package to its patched version.
  • Serious PYSEC-2022-168 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2022-24303). Fix: Update that package to its patched version.
  • Serious GHSA-3f63-hfp8-52jq Arbitrary Code Execution in Pillow
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2023-50447). Fix: Update that package to its patched version.
  • Serious PYSEC-2019-108 ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2019-6446). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2019-217 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2019-10906). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2021-66 This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the
    /workdirs/scan-d8928906-ae25-4648-b7a8-d4b19656c3de/requirements.txt
    A package you depend on has a known security hole (CVE-2020-28493). Fix: Update that package to its patched version.
… 105 more not shown

via OSV-Scanner v1.9.2 · Apache-2.0

Risky code patterns — Semgrep none found ✓

Code that can be exploited — injection, hardcoded credentials and similar.

Nothing found by this check. ✓

via Semgrep v1.147.0 · LGPL-2.1

Malicious dependencies — Guarddog couldn’t run

Packages that look intentionally malicious — typosquats, sneaky install scripts.

This check didn’t finish — that’s not the same as “clean.”

via Guarddog v2.10.0 · Apache-2.0

error: pypi:Traceback (most recent call last): File "/usr/local/bin/guarddog", line 5, in <module> from guarddog.cli import cl

Project health

A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.

Project health — OpenSSF Scorecard 8 notes

Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.

  • Worth fixing scorecard-overall OpenSSF Scorecard overall: 2.7/10
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-CI-Tests CI-Tests scored 0: 0 out of 7 merged PRs checked by a CI test -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.
  • Minor scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
    A project-health signal (maintenance / supply-chain hygiene) — not a vulnerability in your code.

via OpenSSF Scorecard v5.5.0 · Apache-2.0

About these results. Six open-source checks ran in parallel; every finding is tagged with the tool that produced it. The verdict follows a published rule. False positives and false negatives are normal — a clean scan does not mean the code is secure, and a red verdict does not mean the project is compromised.