Security Deep Dive
AdGuardHome
Security posture and CVE patch evidence from tracked releases.
Open CVEs reported against v0.107.77.
See the CVE patch history below for context.
Versions by Severity
CVEs are attributed to tracked releases published before the patch release.
| Version | Published | C | H | M | L | KEV | Notes |
|---|---|---|---|---|---|---|---|
| v0.107.77 | 2026-06-02 | — | — | — | — | — |
Latest
|
| v0.107.76 | 2026-05-21 | — | — | — | — | — |
—
|
| v0.107.75 | 2026-05-19 | — | — | — | — | — |
—
|
| v0.107.74 | 2026-04-16 | — | — | — | — | — |
—
|
| v0.107.73 | 2026-03-10 | — | — | — | — | — |
Patches
GHSA-5fg6-wrq4-w5gh
Patches
GO-2026-4686
|
| v0.107.72 | 2026-02-19 | 1 | — | — | — | — |
—
|
Trust Signals — 3 of 9 Present
Evidence already collected from releases and repository metadata.
Security Score
A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.
epss
0.25 / 0.5
No EPSS data
freshness
1.00 / 1.0
Up to date
scorecard
2.24 / 4.0
Score 5.6/10
cve health
0.00 / 2.5
Open CVEs detected
patch speed
0.50 / 0.5
0d avg
kev exposure
1.50 / 1.5
No KEV exposure
supply chain risk
0.00 / 10.0
Risk 0.0/100
Score breakdown
schema v2Vulnerability posture
vulnerability posture
0.0
25%
Release responsiveness
release responsiveness
10.0
5%
Dependency exposure
dependency exposure
10.0
10%
Provenance trust
provenance trust
5.6
40%
Maintainer health
maintainer health
10.0
10%
Operational risk
operational risk
8.5
10%
How is this calculated?
The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.
Scorecard
Scorecard 5.6/10OpenSSF Scorecard evaluates supply-chain security practices automatically. Score ≥ 6 is passing; ≥ 8 is excellent.
| Check | Score | Reason |
|---|---|---|
| Packaging | -1 | packaging workflow not detected |
| Dangerous-Workflow | 10 | no dangerous workflow patterns detected |
| Code-Review | 0 | Found 0/30 approved changesets -- score normalized to 0 |
| Security-Policy | 10 | security policy file detected |
| Maintained | 10 | 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 |
| Token-Permissions | 10 | GitHub workflow tokens follow principle of least privilege |
| CII-Best-Practices | 0 | no effort to earn an OpenSSF best practices badge detected |
| SAST | 0 | no SAST tool detected |
| Binary-Artifacts | 10 | no binaries found in the repo |
| License | 10 | license file detected |
| Fuzzing | 10 | project is fuzzed |
| Branch-Protection | 0 | branch protection not enabled on development/release branches |
| Signed-Releases | 0 | Project has not signed or included provenance with any releases. |
| Pinned-Dependencies | 0 | dependency not pinned by hash detected -- score normalized to 0 |
OpenSSF Badge
Badge indicates adherence to open-source best practices.
CVE Patch History
Median patch time: 0 daysTracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.
CVEs Patched by Year
| CVE | Severity | EPSS | Disclosed | Fixed in | Days to fix | vs Ecosystem Median | KEV |
|---|---|---|---|---|---|---|---|
| GHSA-5fg6-wrq4-w5gh | Critical | — | — | v0.107.73 | — | — | — |
| GO-2026-4686 | unknown | — | — | v0.107.73 | — | — | — |
KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.