Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
GHSA-353f-x4gh-cqq8 Nokogiri patches vendored libxml2 to resolve multiple CVEs
CVE-2022-23476 rubygem-nokogiri: Denial of service
GHSA-c4rq-3m3g-8wgx Nokogiri CSS selector tokenizer has regular expression backtracking
GHSA-mrxw-mxhj-p664 Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
GHSA-2qc6-mcvw-92cw Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
GHSA-pxvg-2qj5-37jq Update packaged libxml2 to v2.10.4 to resolve multiple CVEs
GHSA-v2fc-qm4h-8hqv Nokogiri XSLT transform has a memory leak
GHSA-wx95-c6cv-8532 Nokogiri does not check the return value from xmlC14NExecute
GHSA-xc9x-jj77-9p9j Use-after-free in libxml2 via Nokogiri::XML::Reader
GHSA-5w6v-399v-w3cc Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
GHSA-r95h-9x8f-r3f7 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
GHSA-vvfq-8hwr-qm4m Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-353f-x4gh-cqq8 Nokogiri patches vendored libxml2 to resolve multiple CVEs
GHSA-c4rq-3m3g-8wgx Nokogiri CSS selector tokenizer has regular expression backtracking
GHSA-mrxw-mxhj-p664 Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
GHSA-qv4q-mr5r-qprj Unchecked return value from xmlTextReaderExpand
GHSA-5w6v-399v-w3cc Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
GHSA-r95h-9x8f-r3f7 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
GHSA-vvfq-8hwr-qm4m Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
GHSA-2qc6-mcvw-92cw Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
GHSA-pxvg-2qj5-37jq Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
GHSA-v2fc-qm4h-8hqv Nokogiri XSLT transform has a memory leak
GHSA-wx95-c6cv-8532 Nokogiri does not check the return value from xmlC14NExecute
GHSA-xc9x-jj77-9p9j Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 3.6/10
scorecard-CI-Tests CI-Tests scored 0: 0 out of 13 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-License License scored 0: license file not detected
scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
scorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
scorecard-Token-Permissions Token-Permissions scored 0: detected GitHub workflow tokens with excessive permissions
scorecard-Vulnerabilities Vulnerabilities scored 0: 12 existing vulnerabilities detected