Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2024-27308 CVE-2024-27308 affecting package rpm-ostree for versions less than 2024.4-1CVE-2022-24713 Mozilla: Denial of Service via complex regular expressionsGHSA-9hpw-r23r-xgm5 Data race in `Iter` and `IterMut`GHSA-rr8g-9fpq-6wmg Tokio broadcast channel calls clone in parallel, but does not require `Sync`CVE-2025-58160 tracing-subscriber: Tracing log pollutionYour dependencies cross-checked against the OSV vulnerability database.
RUSTSEC-2024-0019 Tokens for named pipes may be delivered after deregistrationRUSTSEC-2022-0013 Regexes with large repetitions on empty sub-expressions take a very long time to parseRUSTSEC-2025-0023 Broadcast channel calls clone in parallel, but does not require `Sync`RUSTSEC-2025-0055 Logging user input may result in poisoning logs with ANSI escape sequencesRUSTSEC-2021-0139 ansi_term is UnmaintainedRUSTSEC-2021-0139 ansi_term is UnmaintainedRUSTSEC-2021-0145 Potential unaligned readRUSTSEC-2024-0375 `atty` is unmaintainedRUSTSEC-2020-0159 Potential segfault in `localtime_r` invocationsRUSTSEC-2024-0370 proc-macro-error is unmaintainedRUSTSEC-2022-0104 `structopt` is in maintenance modeRUSTSEC-2022-0006 Data race in `Iter` and `IterMut`Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.