Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2026-25541 Bytes is a utility library for working with bytes. From version 1.2.1 ...CVE-2026-25541 Bytes is a utility library for working with bytes. From version 1.2.1 ...CVE-2026-25541 Bytes is a utility library for working with bytes. From version 1.2.1 ...GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()Your dependencies cross-checked against the OSV vulnerability database.
GHSA-394x-vwmw-crm3 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CNGHSA-65p9-r9h6-22vj AWS-LC has Timing Side-Channel in AES-CCM Tag VerificationGHSA-9f94-5g5w-gf6r CRL Distribution Point Scope Check Logic Error in AWS-LCGHSA-hfpc-8r3f-gw53 AWS-LC has PKCS7_verify Signature Validation BypassGHSA-vw5v-4f2q-w9xf AWS-LC has PKCS7_verify Certificate Chain Validation BypassGHSA-6xvm-j4wr-6v98 Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsingGHSA-82j2-j2ch-gfr8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRINGGHSA-394x-vwmw-crm3 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CNGHSA-65p9-r9h6-22vj AWS-LC has Timing Side-Channel in AES-CCM Tag VerificationGHSA-9f94-5g5w-gf6r CRL Distribution Point Scope Check Logic Error in AWS-LCGHSA-hfpc-8r3f-gw53 AWS-LC has PKCS7_verify Signature Validation BypassGHSA-vw5v-4f2q-w9xf AWS-LC has PKCS7_verify Certificate Chain Validation BypassGHSA-6xvm-j4wr-6v98 Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsingGHSA-82j2-j2ch-gfr8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRINGGHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()GHSA-965h-392x-2mh5 webpki: Name constraints for URI names were incorrectly acceptedGHSA-xgp8-3hg3-c2mh webpki: Name constraints were accepted for certificates asserting a wildcard nameGHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()GHSA-965h-392x-2mh5 webpki: Name constraints for URI names were incorrectly acceptedGHSA-xgp8-3hg3-c2mh webpki: Name constraints were accepted for certificates asserting a wildcard nameRUSTSEC-2026-0007 Integer overflow in `BytesMut::reserve`GHSA-434x-w66g-qw3r bytes has integer overflow in BytesMut::reserveCode that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 3.3/10scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detectedscorecard-Code-Review Code-Review scored 0: Found 0/24 approved changesets -- score normalized to 0scorecard-Contributors Contributors scored 0: project has 0 contributing companies or organizations -- score normalized to 0scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detectedscorecard-Fuzzing Fuzzing scored 0: project is not fuzzedscorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0scorecard-Security-Policy Security-Policy scored 0: security policy file not detectedscorecard-Token-Permissions Token-Permissions scored 0: detected GitHub workflow tokens with excessive permissionsscorecard-Vulnerabilities Vulnerabilities scored 0: 16 existing vulnerabilities detected