Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provi ...CVE-2024-47081 requests: Requests vulnerable to .netrc credentials leak via malicious URLsCVE-2026-25645 requests: Requests: Security bypass due to predictable temporary file creationCVE-2025-66418 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustionCVE-2025-66471 urllib3: urllib3 Streaming API improperly handles highly compressed dataCVE-2026-21441 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)CVE-2026-44431 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headersCVE-2025-50181 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiationCVE-2025-50182 urllib3: urllib3 does not control redirects in browsers and Node.jsYour dependencies cross-checked against the OSV vulnerability database.
Nothing found by this check. ✓
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.