{"date":"2025-12-08T05:14:01Z","repo":{"name":"github.com/intel/cve-bin-tool","commit":"6f004a4c14cb0305d1dc904165480d678efda1bf"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":6.5,"checks":[{"name":"Code-Review","score":5,"reason":"Found 4/7 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-wheel.yml:17","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:32","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/cve_bin_tool_action.yml:13","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/formatting.yml:16","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/sbom.yml:15","Info: jobLevel 'contents' permission set to 'read': .github/workflows/spelling.yml:12","Info: jobLevel 'actions' permission set to 'read': .github/workflows/spelling.yml:14","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:308","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:411","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:514","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:619","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:751","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:71","Info: jobLevel 'contents' permission set to 'read': .github/workflows/testing.yml:191","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-js-dependencies.yml:19","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-pre-commit.yml:19","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-spdx-header.yml:19","Info: topLevel permissions set to 'read-all': .github/workflows/build-wheel.yml:3","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/coverity.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/cve_bin_tool_action.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/cve_scan.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/formatting.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/fuzzing.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/linting.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/sbom.yml:10","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/spelling.yml:5","Info: topLevel permissions set to 'read-all': .github/workflows/testing.yml:3","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-cache.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-js-dependencies.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-pre-commit.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-spdx-header.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/validate-yml.yml:3"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":3,"reason":"binaries present in source code","details":["Warn: binary detected: test/assets/test-curl-7.34.0.out:1","Warn: binary detected: test/assets/test-kerberos-5-1.15.1.out:1","Warn: binary detected: test/assets/test-zst.deb:1","Warn: binary detected: test/assets/test.deb:1","Warn: binary detected: test/condensed-downloads/dovecot-2.3.14-1.fc34.i686.rpm:1","Warn: binary detected: test/condensed-downloads/dovecot-core_2.3.13+dfsg1-1ubuntu1_amd64.deb:1","Warn: binary detected: test/condensed-downloads/gnome-shell-41.2-1.fc35.x86_64.rpm:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 7 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: PythonAtherisFuzzer integration found: fuzz/fuzz_cargo_lock.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_cargo_lock.py:14","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_composer_lock.py:14","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_composer_lock.py:15","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_cpanfile.py:12","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_cpanfile.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_cyclonedx.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_cyclonedx.py:14","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_gemfile_lock.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_gemfile_lock.py:14","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_go.py:11","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_go.py:12","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_intermediate_report_merge.py:10","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_intermediate_report_merge.py:11","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_main.py:8","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_package_list_parser.py:12","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_package_list_parser.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_package_lock.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_package_lock.py:14","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_package_resolved.py:9","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_package_resolved.py:10","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_pkg_info.py:12","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_pkg_info.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_pom_xml.py:12","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_pom_xml.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_pubspec_lock.py:9","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_pubspec_lock.py:10","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_python_requirement_parser.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_python_requirement_parser.py:14","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_renv_lock.py:13","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_renv_lock.py:14","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_tuples.py:10","Info: PythonAtherisFuzzer integration found: fuzz/fuzz_tuples.py:11"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/cve_bin_tool_action.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/cve_bin_tool_action.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzzing.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/fuzzing.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzzing.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/fuzzing.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/spelling.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/spelling.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:885: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/testing.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/testing.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:400: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/testing.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:503: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/testing.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:607: update your workflow using https://app.stepsecurity.io/secureworkflow/intel/cve-bin-tool/testing.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/build-wheel.yml:37","Warn: pipCommand not pinned by hash: .github/workflows/cve_scan.yml:41","Warn: pipCommand not pinned by hash: .github/workflows/cve_scan.yml:42","Warn: pipCommand not pinned by hash: .github/workflows/cve_scan.yml:43","Warn: pipCommand not pinned by hash: .github/workflows/cve_scan.yml:44","Warn: pipCommand not pinned by hash: .github/workflows/cve_scan.yml:45","Warn: pipCommand not pinned by hash: .github/workflows/formatting.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/formatting.yml:34","Warn: pipCommand not pinned by hash: .github/workflows/fuzzing.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/fuzzing.yml:55","Warn: pipCommand not pinned by hash: .github/workflows/fuzzing.yml:56","Warn: pipCommand not pinned by hash: .github/workflows/fuzzing.yml:60","Warn: pipCommand not pinned by hash: .github/workflows/fuzzing.yml:61","Warn: pipCommand not pinned by hash: .github/workflows/fuzzing.yml:62","Warn: pipCommand not pinned by hash: .github/workflows/fuzzing.yml:63","Warn: pipCommand not pinned by hash: .github/workflows/linting.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/linting.yml:34","Warn: pipCommand not pinned by hash: .github/workflows/linting.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/linting.yml:46","Warn: pipCommand not pinned by hash: .github/workflows/sbom.yml:37","Warn: pipCommand not pinned by hash: .github/workflows/sbom.yml:38","Warn: pipCommand not pinned by hash: .github/workflows/sbom.yml:39","Warn: pipCommand not pinned by hash: .github/workflows/sbom.yml:40","Warn: pipCommand not pinned by hash: .github/workflows/sbom.yml:41","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:367","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:368","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:369","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:370","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:371","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:470","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:471","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:472","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:473","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:474","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:573","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:574","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:575","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:576","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:577","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:716","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:717","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:718","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:719","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:720","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:59","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:60","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:61","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:62","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:159","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:160","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:161","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:162","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:163","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:164","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:165","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:256","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:257","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:258","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:259","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:260","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:261","Warn: pipCommand not pinned by hash: .github/workflows/testing.yml:262","Warn: pipCommand not pinned by hash: .github/workflows/update-cache.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/update-cache.yml:49","Warn: pipCommand not pinned by hash: .github/workflows/update-cache.yml:50","Warn: pipCommand not pinned by hash: .github/workflows/update-cache.yml:51","Warn: pipCommand not pinned by hash: .github/workflows/update-js-dependencies.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/update-js-dependencies.yml:49","Warn: pipCommand not pinned by hash: .github/workflows/update-js-dependencies.yml:50","Warn: pipCommand not pinned by hash: .github/workflows/update-pre-commit.yml:37","Warn: pipCommand not pinned by hash: .github/workflows/update-pre-commit.yml:38","Warn: pipCommand not pinned by hash: .github/workflows/validate-yml.yml:31","Warn: pipCommand not pinned by hash: .github/workflows/validate-yml.yml:32","Info:  64 out of  66 GitHub-owned GitHubAction dependencies pinned","Info:  33 out of  40 third-party GitHubAction dependencies pinned","Info:   0 out of  73 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v3.4.1rc0 not signed: https://api.github.com/repos/intel/cve-bin-tool/releases/225242326","Warn: release artifact v3.4.1rc0 does not have provenance: https://api.github.com/repos/intel/cve-bin-tool/releases/225242326"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(3.1.2_candidate): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"197 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-2xpw-w6gg-jr37","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-gm62-xv2j-4w53","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: GHSA-8gq9-2x98-w8hf","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2017-65 / GHSA-jwvw-v7c5-m82h","Warn: Project is vulnerable to: PYSEC-2022-48","Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr","Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: PYSEC-2019-115 / GHSA-2fch-jvg5-crf6","Warn: Project is vulnerable to: PYSEC-2014-89 / GHSA-c2fx-8r76-gh36","Warn: Project is vulnerable to: PYSEC-2014-91","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-79v4-65xg-pq4g","Warn: Project is vulnerable to: PYSEC-2023-120 / GHSA-45c4-8wx5-qw6w","Warn: Project is vulnerable to: PYSEC-2024-24 / GHSA-5h86-8mv2-jq9f","Warn: Project is vulnerable to: GHSA-5m98-qgg9-wh84","Warn: Project is vulnerable to: GHSA-7gpw-8wmc-pm8g","Warn: Project is vulnerable to: PYSEC-2024-26 / GHSA-8qpw-xqxj-h4r2","Warn: Project is vulnerable to: PYSEC-2023-246 / GHSA-gfw2-4jvh-wgfg","Warn: Project is vulnerable to: GHSA-pjjw-qhg8-p2p9","Warn: Project is vulnerable to: PYSEC-2023-250 / GHSA-q3qx-c6g2-7pw2","Warn: Project is vulnerable to: PYSEC-2023-251 / GHSA-qvrw-v9rv-5rjx","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: PYSEC-2024-225 / GHSA-6vqw-3v5j-54x4","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: PYSEC-2023-112 / GHSA-cf7p-gm2m-833m","Warn: Project is vulnerable to: GHSA-h4gh-qq45-vh27","Warn: Project is vulnerable to: PYSEC-2023-254 / GHSA-jfhm-5ghh-2f97","Warn: Project is vulnerable to: GHSA-jm77-qphf-c4w8","Warn: Project is vulnerable to: GHSA-v8gr-m533-ghj9","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-gmj6-6f8f-6699","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637","Warn: Project is vulnerable to: RUSTSEC-2025-0056","Warn: Project is vulnerable to: RUSTSEC-2021-0139","Warn: Project is vulnerable to: RUSTSEC-2021-0145 / GHSA-g98v-hv3f-hcfr","Warn: Project is vulnerable to: RUSTSEC-2024-0375","Warn: Project is vulnerable to: RUSTSEC-2022-0078 / GHSA-f85w-wvc7-crwc","Warn: Project is vulnerable to: RUSTSEC-2020-0159","Warn: Project is vulnerable to: RUSTSEC-2023-0076","Warn: Project is vulnerable to: GHSA-7f6x-jwh5-m9r4","Warn: Project is vulnerable to: GHSA-jqwc-c49r-4w2x","Warn: Project is vulnerable to: RUSTSEC-2020-0168","Warn: Project is vulnerable to: RUSTSEC-2023-0022 / GHSA-3gxf-9r58-2ghg","Warn: Project is vulnerable to: RUSTSEC-2023-0024 / GHSA-6hcf-g6gr-hhcr","Warn: Project is vulnerable to: RUSTSEC-2023-0023 / GHSA-9qwg-crg9-m2vc","Warn: Project is vulnerable to: RUSTSEC-2024-0357 / GHSA-q445-7m23-qrmw","Warn: Project is vulnerable to: RUSTSEC-2025-0004 / GHSA-rpmj-rpgj-qmpm","Warn: Project is vulnerable to: RUSTSEC-2023-0044 / GHSA-xcf7-rvmh-g6q4","Warn: Project is vulnerable to: RUSTSEC-2023-0072 / GHSA-xphf-cx8h-7q9g","Warn: Project is vulnerable to: RUSTSEC-2022-0032 / GHSA-3wx7-46ch-7rq2","Warn: Project is vulnerable to: RUSTSEC-2023-0007 / GHSA-p52g-cm5j-mjv4","Warn: Project is vulnerable to: RUSTSEC-2023-0009 / GHSA-r7jw-wp68-3xch","Warn: Project is vulnerable to: RUSTSEC-2023-0010 / GHSA-v5w6-wcm8-jm4q","Warn: Project is vulnerable to: RUSTSEC-2023-0006 / GHSA-x4qr-2fvf-3mr5","Warn: Project is vulnerable to: RUSTSEC-2024-0436","Warn: Project is vulnerable to: RUSTSEC-2021-0127","Warn: Project is vulnerable to: RUSTSEC-2020-0071 / GHSA-wcg3-cvx6-7396","Warn: Project is vulnerable to: RUSTSEC-2025-0081","Warn: Project is vulnerable to: RUSTSEC-2025-0075","Warn: Project is vulnerable to: RUSTSEC-2025-0080","Warn: Project is vulnerable to: RUSTSEC-2025-0090","Warn: Project is vulnerable to: RUSTSEC-2025-0082","Warn: Project is vulnerable to: RUSTSEC-2025-0102","Warn: Project is vulnerable to: RUSTSEC-2025-0083","Warn: Project is vulnerable to: RUSTSEC-2025-0094","Warn: Project is vulnerable to: RUSTSEC-2025-0079","Warn: Project is vulnerable to: RUSTSEC-2025-0100","Warn: Project is vulnerable to: RUSTSEC-2025-0078","Warn: Project is vulnerable to: RUSTSEC-2025-0098","Warn: Project is vulnerable to: RUSTSEC-2024-0320","Warn: Project is vulnerable to: GHSA-76r7-hhxj-r776","Warn: Project is vulnerable to: GHSA-r4mg-4433-c7g3","Warn: Project is vulnerable to: GHSA-3xg8-cc8f-9wv2","Warn: Project is vulnerable to: GHSA-2m96-52r3-2f3g","Warn: Project is vulnerable to: GHSA-23c2-gwp5-pxw9","Warn: Project is vulnerable to: GHSA-cxf7-qrc5-9446","Warn: Project is vulnerable to: GHSA-5c5f-7vfq-3732","Warn: Project is vulnerable to: GHSA-228g-948r-83gx","Warn: Project is vulnerable to: GHSA-3x8r-x6xp-q4vm","Warn: Project is vulnerable to: GHSA-486f-hjj9-9vhh","Warn: Project is vulnerable to: GHSA-j3g3-5qv5-52mj","Warn: Project is vulnerable to: GHSA-2qc6-mcvw-92cw","Warn: Project is vulnerable to: GHSA-353f-x4gh-cqq8","Warn: Project is vulnerable to: GHSA-5w6v-399v-w3cc","Warn: Project is vulnerable to: GHSA-cgx6-hpwq-fhv5","Warn: Project is vulnerable to: GHSA-crjr-9rc5-ghw8","Warn: Project is vulnerable to: GHSA-gx8x-g87m-h5q6","Warn: Project is vulnerable to: GHSA-jc36-42cf-vqwj","Warn: Project is vulnerable to: GHSA-mrxw-mxhj-p664","Warn: Project is vulnerable to: GHSA-pxvg-2qj5-37jq","Warn: Project is vulnerable to: GHSA-r95h-9x8f-r3f7","Warn: Project is vulnerable to: GHSA-v6gp-9mmm-c6p5","Warn: Project is vulnerable to: GHSA-vvfq-8hwr-qm4m","Warn: Project is vulnerable to: GHSA-xc9x-jj77-9p9j","Warn: Project is vulnerable to: GHSA-xh29-r2w5-wx8m","Warn: Project is vulnerable to: GHSA-xxx9-3xcr-gjj3","Warn: Project is vulnerable to: GHSA-68xg-gqqm-vgj8","Warn: Project is vulnerable to: GHSA-9hf4-67fc-4vf4","Warn: Project is vulnerable to: GHSA-c2f4-cvqm-65w2","Warn: Project is vulnerable to: GHSA-h99w-9q5r-gjq9","Warn: Project is vulnerable to: GHSA-rmj8-8hhh-gv5h","Warn: Project is vulnerable to: GHSA-22f2-v57c-j9cx","Warn: Project is vulnerable to: GHSA-3h57-hmj3-gj3p","Warn: Project is vulnerable to: GHSA-54rr-7fvw-6x8f","Warn: Project is vulnerable to: GHSA-625h-95r8-8xpm","Warn: Project is vulnerable to: GHSA-65f5-mfpf-vfhj","Warn: Project is vulnerable to: GHSA-6xw4-3v39-52mm","Warn: Project is vulnerable to: GHSA-7g2v-jj9q-g3rg","Warn: Project is vulnerable to: GHSA-7wqh-767x-r66v","Warn: Project is vulnerable to: GHSA-8cgq-6mh2-7j6v","Warn: Project is vulnerable to: GHSA-93pm-5p5f-3ghx","Warn: Project is vulnerable to: GHSA-c6qg-cjj8-47qp","Warn: Project is vulnerable to: GHSA-gjh7-p2fx-99vx","Warn: Project is vulnerable to: GHSA-hxqx-xwvh-44m2","Warn: Project is vulnerable to: GHSA-p543-xpfm-54cp","Warn: Project is vulnerable to: GHSA-r657-rxjc-j557","Warn: Project is vulnerable to: GHSA-rqv2-275x-2jq5","Warn: Project is vulnerable to: GHSA-vpfw-47h7-xj4g","Warn: Project is vulnerable to: GHSA-w9pc-fmgc-vxvw","Warn: Project is vulnerable to: GHSA-wpv5-97wm-hp9c","Warn: Project is vulnerable to: GHSA-wq4h-7r42-5hrr","Warn: Project is vulnerable to: GHSA-xj5v-6v4g-jfw6","Warn: Project is vulnerable to: GHSA-5x79-w82f-gw8w","Warn: Project is vulnerable to: GHSA-9h9g-93gc-623h","Warn: Project is vulnerable to: GHSA-mcvf-2q2m-x72m","Warn: Project is vulnerable to: GHSA-pg8v-g4xq-hww9","Warn: Project is vulnerable to: GHSA-rrfc-7g8p-99q8","Warn: Project is vulnerable to: GHSA-592j-995h-p23j","Warn: Project is vulnerable to: GHSA-q3wr-qw3g-3p4h","Warn: Project is vulnerable to: GHSA-gc3j-vvwf-4rp8","Warn: Project is vulnerable to: GHSA-r9mq-m72x-257g","Warn: Project is vulnerable to: GHSA-9hmq-fm33-x4xx","Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8","Warn: Project is vulnerable to: GHSA-5866-49gr-22v4","Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6","Warn: Project is vulnerable to: GHSA-vg3r-rm7w-2xgh","Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3","Warn: Project is vulnerable to: GHSA-3qc2-v3hp-6cv8","Warn: Project is vulnerable to: GHSA-jrfj-98qg-qjgv","Warn: Project is vulnerable to: GHSA-2x8x-jmrp-phxw","Warn: Project is vulnerable to: GHSA-hxx2-7vcw-mqr3","Warn: Project is vulnerable to: GHSA-mr3q-g2mv-mr4q","Warn: Project is vulnerable to: GHSA-qp49-3pvw-x4m5","Warn: Project is vulnerable to: GHSA-6f62-3596-g6w7","Warn: Project is vulnerable to: GHSA-r995-q44h-hr64","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2023-1495 / GHSA-fxg5-wq6x-vr4w","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GO-2024-2748 / GHSA-33c5-9fx5-fvjm","Warn: Project is vulnerable to: GHSA-7r3h-m5j6-3q42","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-9v85-q87q-g4vg","Warn: Project is vulnerable to: GHSA-r285-q736-9v95","Warn: Project is vulnerable to: GHSA-9324-jv53-9cc8","Warn: Project is vulnerable to: RSEC-2023-8","Warn: Project is vulnerable to: RSEC-2025-0","Warn: Project is vulnerable to: RSEC-2023-3","Warn: Project is vulnerable to: PYSEC-2023-247 / GHSA-xx9p-xxvh-7g8j","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: PYSEC-2021-16 / GHSA-93xj-8mrv-444m","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"CI-Tests","score":2,"reason":"7 out of 30 merged PRs checked by a CI test -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 24 contributing companies or organizations","details":["Info: found contributions from: DoorsTour-India, EddieHubCommunity, GDSC-IIITM, askyourseniors, builtree, coala, cod-ed, frappe, google, indian institute of technology mandi, intel, keysight technologies, layer5io, looking for work (remote only at this time), nirmata, nsit, openfoodfacts, orange, orcasound, python-gsoc, revly-org, sofamon, statusbrew, zenskar"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]}