gitsafehub
github.com/unstructured-io/unstructured

unstructured-io/unstructured

scanned 2026-06-27 · git f6eea75
2 of 6 checks flagged a security issue
🔴 Needs attention
Only 3 of 6 checks finished — treat this as provisional.

Informational scan, not a security audit.


Security checks

Leaked secrets — Gitleaks timed out

API keys, passwords or tokens committed into the repo.

This check didn’t finish — that’s not the same as “clean.” Try Check again above.

via Gitleaks v8.21.2 · MIT

error: timeout after 1800s

Vulnerable dependencies — Trivy 43 found

Packages you depend on that have known security holes (CVEs).

  • Worth fixing CVE-2026-34993 aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()
    uv.lock
    A package you depend on has a known security hole (CVE-2026-34993). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-47265 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects
    uv.lock
    A package you depend on has a known security hole (CVE-2026-47265). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-54273 aiohttp: AIOHTTP: Denial of Service via excessive pipelined requests
    uv.lock
    A package you depend on has a known security hole (CVE-2026-54273). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-54274 aiohttp: aiohttp: Denial of Service via incomplete websocket frame payloads
    uv.lock
    A package you depend on has a known security hole (CVE-2026-54274). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-54276 aiohttp: aiohttp: Information disclosure via DigestAuthMiddleware after cross-origin redirect
    uv.lock
    A package you depend on has a known security hole (CVE-2026-54276). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-54277 aiohttp: aiohttp: Denial of Service via oversized HTTP request lines bypassing max_line_size check
    uv.lock
    A package you depend on has a known security hole (CVE-2026-54277). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-54278 aiohttp: aiohttp: Denial of Service due to excessive memory consumption from compressed request body
    uv.lock
    A package you depend on has a known security hole (CVE-2026-54278). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-41425 authlib: Authlib: Cross-Site Request Forgery (CSRF) vulnerability in OAuth cache feature
    uv.lock
    A package you depend on has a known security hole (CVE-2026-41425). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-41479 Authlib is a Python library which builds OAuth and OpenID Connect serv ...
    uv.lock
    A package you depend on has a known security hole (CVE-2026-41479). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44681 Authlib is a Python library which builds OAuth and OpenID Connect serv ...
    uv.lock
    A package you depend on has a known security hole (CVE-2026-44681). Fix: Update that package to its patched version.
  • Worth fixing GHSA-537c-gmf6-5ccf Vulnerable OpenSSL included in cryptography wheels
    uv.lock
    A package you depend on has a known security hole (GHSA-537c-gmf6-5ccf). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provi ...
    uv.lock
    A package you depend on has a known security hole (CVE-2026-45409). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-44843 LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
    uv.lock
    A package you depend on has a known security hole (CVE-2026-44843). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-41481 langchain-text-splitters: LangChain: Information Disclosure via Server-Side Request Forgery (SSRF) Redirect Bypass
    uv.lock
    A package you depend on has a known security hole (CVE-2026-41481). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-45134 LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
    uv.lock
    A package you depend on has a known security hole (CVE-2026-45134). Fix: Update that package to its patched version.
  • Worth fixing GHSA-f4xh-w4cj-qxq8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read
    uv.lock
    A package you depend on has a known security hole (GHSA-f4xh-w4cj-qxq8). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-41182 LangSmith SDK: Streaming token events bypass output redaction
    uv.lock
    A package you depend on has a known security hole (CVE-2026-41182). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-41066 lxml: python: lxml: Information disclosure via untrusted XML input leading to local file read
    uv.lock
    A package you depend on has a known security hole (CVE-2026-41066). Fix: Update that package to its patched version.
  • Worth fixing GHSA-4xgf-cpjx-pc3j pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
    uv.lock
    A package you depend on has a known security hole (GHSA-4xgf-cpjx-pc3j). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-48526 python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
    uv.lock
    A package you depend on has a known security hole (CVE-2026-48526). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-48522 python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient
    uv.lock
    A package you depend on has a known security hole (CVE-2026-48522). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-48523 python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access
    uv.lock
    A package you depend on has a known security hole (CVE-2026-48523). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-48525 python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens
    uv.lock
    A package you depend on has a known security hole (CVE-2026-48525). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-41168 pypdf: pypdf: Denial of Service via crafted PDF with oversized streams
    uv.lock
    A package you depend on has a known security hole (CVE-2026-41168). Fix: Update that package to its patched version.
  • Worth fixing CVE-2026-41312 pypdf: pypdf: Denial of Service due to excessive memory consumption via specially crafted PDF
    uv.lock
    A package you depend on has a known security hole (CVE-2026-41312). Fix: Update that package to its patched version.
… 18 more not shown

via Trivy v0.70.0 · Apache-2.0

Known OSS vulnerabilities — OSV-Scanner 49 found · 1 serious

Your dependencies cross-checked against the OSV vulnerability database.

  • Serious GHSA-f4j7-r4q5-qw2c ChromaDB Python project has a pre-authentication code injection vulnerability
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-45829). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-237 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an applicat
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-54275). Fix: Update that package to its patched version.
  • Worth fixing GHSA-4fvr-rgm6-gqmc aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-54273). Fix: Update that package to its patched version.
  • Worth fixing GHSA-63hw-fmq6-xxg2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-54277). Fix: Update that package to its patched version.
  • Worth fixing GHSA-g3cq-j2xw-wf74 aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-54278). Fix: Update that package to its patched version.
  • Worth fixing GHSA-hg6j-4rv6-33pg AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-47265). Fix: Update that package to its patched version.
  • Worth fixing GHSA-hpj7-wq8m-9hgp aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-54276). Fix: Update that package to its patched version.
  • Worth fixing GHSA-jg22-mg44-37j8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-34993). Fix: Update that package to its patched version.
  • Worth fixing GHSA-xcgm-r5h9-7989 aiohttp: Incomplete websocket frame payloads bypass memory limits
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-54274). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-188 Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorizat
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-44681). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-25 Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starlette_client.OAuth. This vulne
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-41425). Fix: Update that package to its patched version.
  • Worth fixing GHSA-w8p2-r796-3vmq Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-41479). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2023-235 An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2023-45875). Fix: Update that package to its patched version.
  • Worth fixing GHSA-537c-gmf6-5ccf Vulnerable OpenSSL included in cryptography wheels
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-215 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-45409). Fix: Update that package to its patched version.
  • Worth fixing GHSA-pjwx-r37v-7724 LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-44843). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-77 LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using valida
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-41481). Fix: Update that package to its patched version.
  • Worth fixing GHSA-3644-q5cj-c5c7 LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-45134). Fix: Update that package to its patched version.
  • Worth fixing GHSA-f4xh-w4cj-qxq8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing GHSA-rr7j-v2q5-chgv LangSmith SDK: Streaming token events bypass output redaction
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-41182). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-87 lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML inp
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-41066). Fix: Update that package to its patched version.
  • Worth fixing GHSA-4xgf-cpjx-pc3j pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole. Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-175 PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector register
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-48522). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-178 PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decod
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-48525). Fix: Update that package to its patched version.
  • Worth fixing PYSEC-2026-179 PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate
    /workdirs/scan-b698825d-2342-46a6-85de-988b68e7cfd4/uv.lock
    A package you depend on has a known security hole (CVE-2026-48526). Fix: Update that package to its patched version.
… 24 more not shown

via OSV-Scanner v1.9.2 · Apache-2.0

Risky code patterns — Semgrep none found ✓

Code that can be exploited — injection, hardcoded credentials and similar.

Nothing found by this check. ✓

via Semgrep v1.147.0 · LGPL-2.1

Malicious dependencies — Guarddog couldn’t run

Packages that look intentionally malicious — typosquats, sneaky install scripts.

This check didn’t finish — that’s not the same as “clean.” Try Check again above.

via Guarddog v2.10.0 · Apache-2.0

error: pypi:Traceback (most recent call last): File "/usr/local/bin/guarddog", line 5, in <module> from guarddog.cli import cl

Project health

A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.

Project health — OpenSSF Scorecard timed out

Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.

This check didn’t finish — that’s not the same as “clean.” Try Check again above.

via OpenSSF Scorecard v5.5.0 · Apache-2.0

error: timeout after 1800s

About these results. Six open-source checks ran in parallel; every finding is tagged with the tool that produced it. The verdict follows a published rule. False positives and false negatives are normal — a clean scan does not mean the code is secure, and a red verdict does not mean the project is compromised.