Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
curl-auth-header Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
Packages you depend on that have known security holes (CVEs).
CVE-2026-25541 Bytes is a utility library for working with bytes. From version 1.2.1 ...
GHSA-wrw7-89jp-8q8g Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
CVE-2026-41676 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-41678 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-41681 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-41898 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-42327 rust-openssl: rust-openssl: Arbitrary code execution via specially crafted certificate
CVE-2026-44662 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
CVE-2026-45784 rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
CVE-2026-25727 time: time affected by a stack exhaustion denial of service attack
CVE-2026-41677 rust-openssl provides OpenSSL bindings for the Rust programming langua ...
GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()
CVE-2025-58160 tracing-subscriber: Tracing log pollution
Your dependencies cross-checked against the OSV vulnerability database.
RUSTSEC-2026-0007 Integer overflow in `BytesMut::reserve`
RUSTSEC-2024-0429 Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
GHSA-8c75-8mhr-p7r9 rust-openssl has incorrect bounds assertion in aes key wrap
GHSA-ghm9-cr32-g9qj rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check
GHSA-hppc-g8h3-xhp3 rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
GHSA-phqj-4mhp-q6mq rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
GHSA-pqf5-4pqq-29f5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
GHSA-xp3w-r5p5-63rr rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
GHSA-xv59-967r-8726 rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
RUSTSEC-2026-0009 Denial of Service via Stack Exhaustion
GHSA-xmgf-hq76-4vx2 rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length
RUSTSEC-2025-0055 Logging user input may result in poisoning logs with ANSI escape sequences
RUSTSEC-2024-0413 gtk-rs GTK3 bindings - no longer maintained
RUSTSEC-2024-0416 gtk-rs GTK3 bindings - no longer maintained
RUSTSEC-2021-0145 Potential unaligned read
RUSTSEC-2024-0375 `atty` is unmaintained
RUSTSEC-2024-0412 gtk-rs GTK3 bindings - no longer maintained
RUSTSEC-2024-0418 gtk-rs GTK3 bindings - no longer maintained
RUSTSEC-2024-0415 gtk-rs GTK3 bindings - no longer maintained
RUSTSEC-2024-0420 gtk-rs GTK3 bindings - no longer maintained
RUSTSEC-2024-0419 gtk-rs GTK3 bindings - no longer maintained
RUSTSEC-2024-0384 `instant` is unmaintained
RUSTSEC-2024-0370 proc-macro-error is unmaintained
RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`
RUSTSEC-2025-0134 rustls-pemfile is unmaintained
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 4.1/10
scorecard-CI-Tests CI-Tests scored 0: 2 out of 21 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
scorecard-Signed-Releases Signed-Releases scored 0: Project has not signed or included provenance with any releases.
scorecard-Token-Permissions Token-Permissions scored 0: detected GitHub workflow tokens with excessive permissions