Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2025-7783 form-data: Unsafe random function in form-data
CVE-2025-7783 form-data: Unsafe random function in form-data
CVE-2025-27789 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
CVE-2025-69873 ajv: ReDoS via $data reference
CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method
CVE-2022-21680 marked: regular expression block.def may lead Denial of Service
CVE-2022-21681 marked: regular expression inline.reflinkSearch may lead Denial of Service
CVE-2024-55565 nanoid: nanoid mishandles non-integer values
CVE-2023-44270 PostCSS: Improper input validation in PostCSS
CVE-2026-41305 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags
CVE-2022-25887 sanitize-html: insecure global regular expression replacement logic may lead to ReDoS
CVE-2024-21501 sanitize-html: Information Exposure when used on the backend
CVE-2024-37890 nodejs-ws: denial of service when handling a request with many HTTP headers
CVE-2026-48779 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments
CVE-2025-69873 ajv: ReDoS via $data reference
CVE-2024-45590 body-parser: Denial of Service Vulnerability in body-parser
CVE-2026-33750 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
CVE-2026-33750 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
CVE-2024-21538 cross-spawn: regular expression denial of service
CVE-2024-29041 express: cause malformed URLs to be evaluated
CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
CVE-2024-28849 follow-redirects: Possible credential leak
GHSA-r4q5-vmmm-2653 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets
CVE-2026-12143 form-data is a library for creating readable multipart/form-data strea ...
CVE-2026-48038 joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
Your dependencies cross-checked against the OSV vulnerability database.
PYSEC-2026-548 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
PYSEC-2026-369 Keras code injection vulnerability
GHSA-hjqc-jx6g-rwp9 Keras Directory Traversal Vulnerability
PYSEC-2026-457 Arbitrary Code Execution in Pillow
PYSEC-2026-548 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
PYSEC-2026-369 Keras code injection vulnerability
GHSA-hjqc-jx6g-rwp9 Keras Directory Traversal Vulnerability
GHSA-hjqc-jx6g-rwp9 Keras Directory Traversal Vulnerability
PYSEC-2026-548 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
PYSEC-2022-43015 In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
PYSEC-2024-259 In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
PYSEC-2025-41 PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command E
PYSEC-2026-369 Keras code injection vulnerability
GHSA-hjqc-jx6g-rwp9 Keras Directory Traversal Vulnerability
PYSEC-2026-457 Arbitrary Code Execution in Pillow
GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils
GHSA-hc6q-2mpp-qw7j Cross-realm object access in Webpack 5
GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary
GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary
GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary
GHSA-w7jw-789q-3m8p shell-quote quote() does not escape newlines in object .op values
GHSA-49rq-hwc3-x77w TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
GHSA-558h-mq8x-7q9g TensorFlow has Null Pointer Error in SparseSparseMaximum
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.