Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature
CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution
CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections
CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-3mc7-4q67-w48m Uncontrolled Resource Consumption in snakeyaml
GHSA-mjmj-j48q-9wg2 SnakeYaml Constructor Deserialization Remote Code Execution
GHSA-rvwf-54qp-4r6v SnakeYAML Entity Expansion during load operation
GHSA-98wm-3w3q-mw94 snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
GHSA-9w3m-gqgf-c4p9 snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write
GHSA-c4r9-r8fh-9vj2 snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
GHSA-hhhw-99gj-p3c3 snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
GHSA-w37g-rhq8-7m4j Snakeyaml vulnerable to Stack overflow leading to denial of service
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 2.0/10
scorecard-CI-Tests CI-Tests scored 0: 0 out of 4 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-Maintained Maintained scored 0: project is archived
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
scorecard-Signed-Releases Signed-Releases scored 0: Project has not signed or included provenance with any releases.