Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.Packages you depend on that have known security holes (CVEs).
CVE-2023-6572 Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerabilityCVE-2024-1728 Gradio allows users to access arbitrary filesCVE-2025-23042 Gradio Blocked Path ACL Bypass VulnerabilityCVE-2025-43859 h11: h11 accepts some malformed Chunked-Encoding bodiesCVE-2023-50447 pillow: Arbitrary Code Execution via the environment parameterCVE-2023-47248 PyArrow: Arbitrary code execution when loading a malicious data fileCVE-2024-8019 PyTorch Lightning path traversal vulnerabilityCVE-2025-32434 PyTorch is a Python package that provides tensor computation with stro ...CVE-2023-6730 transformers has a Deserialization of Untrusted Data vulnerabilityCVE-2024-23334 aiohttp: follow_symlinks directory traversal vulnerabilityCVE-2024-30251 aiohttp: DoS when trying to parse malformed POST requestsCVE-2025-69223 aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bombCVE-2023-47627 python-aiohttp: numerous issues in HTTP parser with header parsingCVE-2023-49081 aiohttp: HTTP request modificationCVE-2023-49082 aiohttp: CRLF injection if user controls the HTTP method using aiohttp clientCVE-2024-23829 python-aiohttp: http request smugglingCVE-2024-27306 aiohttp: XSS on index pages for static file handlingCVE-2024-52304 aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensionsCVE-2025-69227 aiohttp: aiohttp: Denial of Service via specially crafted POST requestCVE-2025-69228 aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST requestCVE-2025-69229 aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handlingCVE-2026-22815 aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handlingCVE-2026-34515 aiohttp: AIOHTTP: Information disclosure via static resource handler on WindowsCVE-2026-34516 aiohttp: AIOHTTP: Denial of Service via excessive multipart headersCVE-2026-34525 aiohttp: aiohttp: Security bypass via multiple Host headersYour dependencies cross-checked against the OSV vulnerability database.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.