Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2026-34993 aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()
CVE-2026-47265 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects
CVE-2026-54273 aiohttp: AIOHTTP: Denial of Service via excessive pipelined requests
CVE-2026-54274 aiohttp: aiohttp: Denial of Service via incomplete websocket frame payloads
CVE-2026-54276 aiohttp: aiohttp: Information disclosure via DigestAuthMiddleware after cross-origin redirect
CVE-2026-54277 aiohttp: aiohttp: Denial of Service via oversized HTTP request lines bypassing max_line_size check
CVE-2026-54278 aiohttp: aiohttp: Denial of Service due to excessive memory consumption from compressed request body
GHSA-537c-gmf6-5ccf Vulnerable OpenSSL included in cryptography wheels
CVE-2026-44513 Diffusers: Diffusers: Arbitrary remote code execution via `trust_remote_code` bypass
CVE-2026-45804 Diffusers: TOCTOU Trust Remote Code Bypass
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provi ...
GHSA-6v7p-g79w-8964 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
CVE-2026-27489 onnx: ONNX: Information Disclosure via Path Traversal Vulnerability
CVE-2026-28500 onnx: ONNX: Untrusted Model Repository Warnings Suppressed
CVE-2026-34445 ONNX: ONNX: Denial of Service and potential information disclosure via malicious model metadata
GHSA-q56x-g2fj-4rj6 ONNX: TOCTOU arbitrary file read/write in save_external_dat
CVE-2026-34446 onnx: ONNX: Information disclosure through hardlink path traversal
CVE-2026-34447 Open Neural Network Exchange (ONNX) is an open standard for machine le ...
CVE-2026-1839 transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file
Your dependencies cross-checked against the OSV vulnerability database.
Nothing found by this check. ✓
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 5.7/10
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
scorecard-Token-Permissions Token-Permissions scored 0: detected GitHub workflow tokens with excessive permissions