Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Packages you depend on that have known security holes (CVEs).
Nothing found by this check. ✓
Your dependencies cross-checked against the OSV vulnerability database.
PYSEC-2018-12 An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as
PYSEC-2020-62 A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A re
PYSEC-2021-19 An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attrib
PYSEC-2021-852 lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content
PYSEC-2022-230 NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlie
PYSEC-2026-87 lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML inp
PYSEC-2014-13 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
PYSEC-2014-14 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
PYSEC-2018-28 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to dis
GHSA-9hjg-9r4m-mvj7 Requests vulnerable to .netrc credentials leak via malicious URLs
GHSA-9wx4-h78v-vm56 Requests `Session` object does not verify requests after making first request with verify=False
GHSA-gc5v-m9x4-r6x2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
PYSEC-2020-73 ** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties
PYSEC-2015-17 The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.