Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive operations. (reported multiple times)
Packages you depend on that have known security holes (CVEs).
CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking
CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
CVE-2024-1597 pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (reported 3 times)
GHSA-72hv-8253-57qq jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
CVE-2026-54512 jackson-databind contains the general-purpose data-binding functionali ...
CVE-2026-54513 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
CVE-2026-54514 jackson-databind contains the general-purpose data-binding functionali ...
CVE-2026-54515 jackson-databind contains the general-purpose data-binding functionali ...
CVE-2017-3523 mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017)
CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
CVE-2015-2575 mysql-connector-java: unspecified vulnerability related to Connector/J (CPU April 2015)
CVE-2017-3586 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017)
CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector
CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
CVE-2026-35554 Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management
CVE-2024-31141 kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
CVE-2025-27817 org.apache.kafka: Kafka Client Arbitrary File Read SSRF
Your dependencies cross-checked against the OSV vulnerability database.
This check didn’t finish; that’s not the same as “clean.”
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 3.8/10
scorecard-CI-Tests CI-Tests scored 0: 0 out of 9 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
scorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected