Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.”
Packages you depend on that have known security holes (CVEs).
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-q5fm-55c2-v6j9 Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
GHSA-g4m4-9q4c-mfw6 Fiona affected by CVE-2020-14152 related to madler-zlib
CVE-2026-44727 Jupyter Server is the backend for Jupyter web applications. Prior to 2 ... (listed twice)
CVE-2026-35397 jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability
CVE-2025-69662 SQL injection vulnerability in geopandas before v.1.1.2 allows an atta ... (listed three times)
CVE-2025-53000 nbconvert: nbconvert: Arbitrary code execution via malicious SVG to PDF conversion on Windows
CVE-2021-32862 The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...
CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports
CVE-2025-13465 lodash: prototype pollution in _.unset and _.omit functions
CVE-2026-2950 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass
CVE-2026-5758 protocol-buffers-schema: protocol-buffers-schema: Remote code execution via prototype pollution
CVE-2023-41334 Astropy is a project for astronomy in Python that fosters interoperabi ... (listed twice)
GHSA-gj48-438w-jh9v Bleach clean() / Cleaner() fails to sanitize dangerous URI schemes in allowed formaction attributes (listed three times)
CVE-2025-68146 filelock: filelock: Time-of-Check-Time-of-Use (TOCTOU) race condition and symlink attack allows arbitrary file corruption or truncation (listed twice)
CVE-2026-22701 filelock: filelock Time-of-Check-Time-of-Use (TOCTOU) in SoftFileLock (listed twice)
CVE-2025-66034 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provi ...
This check didn’t finish — that’s not the same as “clean.”
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.”
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
OpenSSF Scorecard overall: 6.8/10
CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
Fuzzing scored 0: project is not fuzzed
SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
Signed-Releases scored 0: Project has not signed or included provenance with any releases.
Token-Permissions scored 0: detected GitHub workflow tokens with excessive permissions