Tools / agentops / Security

Security Deep Dive

agentops

Security posture and CVE patch evidence from tracked releases.

Back to Tool

33 critical dependency CVEs affects 0.4.21.

Audit transitive dependencies; consider upgrading or pinning replacements.

— Signed — SLSA ✓ SBOM ✗ Security policy Weekly cadence · 13d median Sporadic maintainer

Trust Signals — 3 of 9 Present

Evidence already collected from releases and repository metadata.

3/9 Present

Signed releases Unknown

Latest release artifact signature Latest release

—

SLSA provenance Unknown

Attestation predicate level Latest release

—

SBOM published Present

GitHub SBOM API Latest release

Last verified: 28d ago

SECURITY.md Absent

GitHub repository metadata Repository policy

Checked: 23d ago

Release cadence: weekly Present

13d median over recent releases Release history

Latest release: 9mo ago

Maintainer sporadic Present

Recent commit activity Repository

Last commit: 2mo ago

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: 9mo ago

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: 9mo ago

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: 9mo ago

3.6/10 Security Score

Dependency Exposure 224 transitive dependency CVEs found in the latest SBOM. 33 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

0.86 / 1.0

76d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

⚠ No direct scan — 33c/54h transitive CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: estimated

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 33c/54h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

8.6

10%

activity freshness: 76d

Operational risk

operational risk

8.5

10%

kev exposure: clear epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100

33 Transitive critical CVEs

0 KEV-transitive CVEs

48% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

604 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

Medium

Low

Unknown

Still affecting latest (38) All (224)

Critical 33 High 54 Medium 99 Low 33 Unknown 5

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2012-0805	critical	—	sqlalchemy	—	—
CVE-2017-18342	critical	—	pyyaml	5.3,< 7.0	—
CVE-2019-7164	critical	—	sqlalchemy	—	—
CVE-2019-7548	critical	—	sqlalchemy	—	—
CVE-2020-14343	critical	—	pyyaml	5.3,< 7.0	—
CVE-2022-24439	critical	—	gitpython	3.1.0	—
CVE-2023-29374	critical	—	langchain	—	—
CVE-2023-32785	critical	—	langchain	—	—
CVE-2023-34540	critical	—	langchain	—	—
CVE-2023-34541	critical	—	langchain	—	—
CVE-2023-36095	critical	—	langchain	—	—
CVE-2023-36188	critical	—	langchain	—	—
CVE-2023-36258	critical	—	langchain	—	—
CVE-2023-36281	critical	—	langchain	—	—
CVE-2023-38860	critical	—	langchain	—	—
CVE-2023-38896	critical	—	langchain	—	—
CVE-2023-39631	critical	—	langchain	—	—
CVE-2023-39659	critical	—	langchain	—	—
CVE-2023-39662	critical	—	llama-index	—	—
CVE-2023-40267	critical	—	gitpython	3.1.0	—
CVE-2024-23751	critical	—	llama-index	—	—
CVE-2024-2952	critical	—	litellm	—	—
CVE-2024-5751	critical	—	litellm	—	—
CVE-2025-14931	critical	—	smolagents	—	—
CVE-2025-1793	critical	—	llama-index	—	—
CVE-2025-5120	critical	—	smolagents	—	—
CVE-2025-7783	critical	—	form-data	4.0.0	—
CVE-2026-35002	critical	—	agno	—	—
CVE-2026-35030	critical	—	litellm	—	—
CVE-2026-42208	critical	—	litellm	—	—
CVE-2026-4810	critical	—	google-adk	—	—
GHSA-5mg7-485q-xm76	critical	—	litellm	—	—
GHSA-9qr9-h5gf-34mp	critical	—	next	15.2.3	—
CVE-2018-18074	high	—	requests	2.0.0,< 3.0.0	—
CVE-2019-18874	high	—	psutil	5.9.8,< 6.1.0	—
CVE-2020-7694	high	—	uvicorn	—	—
CVE-2020-7695	high	—	uvicorn	—	—
CVE-2023-32786	high	—	langchain	—	—
CVE-2023-36189	high	—	langchain	—	—
CVE-2023-40590	high	—	gitpython	3.1.0	—
CVE-2023-46229	high	—	langchain	—	—
CVE-2024-10188	high	—	litellm	—	—
CVE-2024-12911	high	—	llama-index	—	—
CVE-2024-22190	high	—	gitpython	3.1.0	—
CVE-2024-23334	high	—	aiohttp	—	—
CVE-2024-24762	high	—	fastapi	0.100.0	—
CVE-2024-30251	high	—	aiohttp	—	—
CVE-2024-39338	high	—	axios	1.6.8	—
CVE-2024-4068	high	—	braces	3.0.2	—
CVE-2024-4181	high	—	llama-index	—	—
CVE-2024-41950	high	—	haystack-ai	2.0.0	—
CVE-2024-4264	high	—	litellm	—	—
CVE-2024-4888	high	—	litellm	—	—
CVE-2024-6587	high	—	litellm	—	—
CVE-2024-6825	high	—	litellm	—	—
CVE-2024-8984	high	—	litellm	—	—
CVE-2024-9606	high	—	litellm	—	—
CVE-2025-0330	high	—	litellm	—	—
CVE-2025-0628	high	—	litellm	—	—
CVE-2025-1752	high	—	llama-index	—	—
CVE-2025-27152	high	—	axios	1.6.8	—
CVE-2025-58754	high	—	axios	1.8.3	—
CVE-2025-64168	high	—	agno	—	—
CVE-2025-69223	high	—	aiohttp	—	—
CVE-2025-7707	high	—	llama-index	—	—
CVE-2026-25639	high	—	axios	1.8.3	—
CVE-2026-26996	high	—	minimatch	3.1.2	—
CVE-2026-27903	high	—	minimatch	3.1.2	—
CVE-2026-27904	high	—	minimatch	3.1.2	—
CVE-2026-32597	high	—	pyjwt	2.8.0	—
CVE-2026-33671	high	—	picomatch	2.3.1	—
CVE-2026-35029	high	—	litellm	—	—
CVE-2026-42033	high	—	axios	1.8.3	—
CVE-2026-42035	high	—	axios	1.8.3	—
CVE-2026-42043	high	—	axios	1.8.3	—
CVE-2026-42203	high	—	litellm	—	—
CVE-2026-42264	high	—	axios	1.8.3	—
CVE-2026-42271	high	—	litellm	—	—
CVE-2026-42284	high	—	gitpython	3.1.0	—
CVE-2026-44243	high	—	gitpython	3.1.0	—
CVE-2026-44244	high	—	gitpython	3.1.0	—
CVE-2026-4800	high	—	lodash	4.17.21	—
GHSA-5j59-xgg2-r9c4	high	—	next	14.2.26	—
GHSA-69x8-hrgq-fjj8	high	—	litellm	—	—
GHSA-h25m-26qc-wcjf	high	—	next	15.2.3	—
GHSA-mwv6-3258-q52c	high	—	next	15.2.3	—
GHSA-q4gf-8mx6-v5v3	high	—	next	15.2.3	—
CVE-2014-1829	medium	—	requests	2.0.0,< 3.0.0	—
CVE-2014-1830	medium	—	requests	2.0.0,< 3.0.0	—
CVE-2021-23368	medium	—	postcss	8	—
CVE-2021-23382	medium	—	postcss	8	—
CVE-2023-36464	medium	—	pypdf	—	—
CVE-2023-37276	medium	—	aiohttp	—	—
CVE-2023-41040	medium	—	gitpython	3.1.0	—
CVE-2023-44270	medium	—	postcss	8.4.23	—
CVE-2023-46250	medium	—	pypdf	—	—
CVE-2023-47627	medium	—	aiohttp	—	—
CVE-2023-49081	medium	—	aiohttp	—	—
CVE-2023-49082	medium	—	aiohttp	—	—
CVE-2024-12910	medium	—	llama-index	—	—
CVE-2024-22195	medium	—	jinja2	3.0.0	—
CVE-2024-23829	medium	—	aiohttp	—	—
CVE-2024-27306	medium	—	aiohttp	—	—
CVE-2024-2965	medium	—	langchain	—	—
CVE-2024-34064	medium	—	jinja2	3.0.0	—
CVE-2024-35195	medium	—	requests	2.0.0,< 3.0.0	—
CVE-2024-3571	medium	—	langchain	—	—
CVE-2024-42367	medium	—	aiohttp	—	—
CVE-2024-47081	medium	—	requests	2.0.0,< 3.0.0	—
CVE-2024-4890	medium	—	litellm	—	—
CVE-2024-49766	medium	—	werkzeug	3.0.3	—
CVE-2024-49767	medium	—	werkzeug	3.0.3	—
CVE-2024-5225	medium	—	litellm	—	—
CVE-2024-52303	medium	—	aiohttp	—	—
CVE-2024-52304	medium	—	aiohttp	—	—
CVE-2024-56201	medium	—	jinja2	3.0.0	—
CVE-2024-56326	medium	—	jinja2	3.0.0	—
CVE-2024-5710	medium	—	litellm	—	—
CVE-2025-11844	medium	—	smolagents	—	—
CVE-2025-13465	medium	—	lodash	4.17.21	—
CVE-2025-23207	medium	—	katex	0.16.10	—
CVE-2025-25288	medium	—	@octokit/plugin-paginate-rest	6.1.2	—
CVE-2025-25289	medium	—	@octokit/request-error	3.0.3	—
CVE-2025-25290	medium	—	@octokit/request	6.2.8	—
CVE-2025-27516	medium	—	jinja2	3.0.0	—
CVE-2025-55173	medium	—	next	15.2.3	—
CVE-2025-55197	medium	—	pypdf	—	—
CVE-2025-57752	medium	—	next	15.2.3	—
CVE-2025-57822	medium	—	next	15.2.3	—
CVE-2025-59471	medium	—	next	15.2.3	—
CVE-2025-6211	medium	—	llama-index	—	—
CVE-2025-62707	medium	—	pypdf	—	—
CVE-2025-62708	medium	—	pypdf	—	—
CVE-2025-62718	medium	—	axios	1.8.3	—
CVE-2025-64718	medium	—	js-yaml	4.1.0	—
CVE-2025-66019	medium	—	pypdf	—	—
CVE-2025-66221	medium	—	werkzeug	3.0.3	—
CVE-2025-69227	medium	—	aiohttp	—	—
CVE-2025-69228	medium	—	aiohttp	—	—
CVE-2025-69229	medium	—	aiohttp	—	—
CVE-2025-69873	medium	—	ajv	8.13.0	—
CVE-2026-21860	medium	—	werkzeug	3.0.3	—
CVE-2026-22815	medium	—	aiohttp	—	—
CVE-2026-24688	medium	—	pypdf	—	—
CVE-2026-25645	medium	—	requests	2.0.0,< 3.0.0	—
CVE-2026-27024	medium	—	pypdf	—	—
CVE-2026-27025	medium	—	pypdf	—	—
CVE-2026-27026	medium	—	pypdf	—	—
CVE-2026-27199	medium	—	werkzeug	3.0.3	—
CVE-2026-27888	medium	—	pypdf	—	—
CVE-2026-27980	medium	—	next	15.2.3	—
CVE-2026-28277	medium	—	langgraph	—	—
CVE-2026-28351	medium	—	pypdf	—	—
CVE-2026-28684	medium	—	python-dotenv	—	—
CVE-2026-28804	medium	—	pypdf	—	—
CVE-2026-29057	medium	—	next	15.2.3	—
CVE-2026-2950	medium	—	lodash	4.17.21	—
CVE-2026-31826	medium	—	pypdf	—	—
CVE-2026-33123	medium	—	pypdf	—	—
CVE-2026-33672	medium	—	picomatch	2.3.1	—
CVE-2026-33699	medium	—	pypdf	—	—
CVE-2026-33750	medium	—	brace-expansion	1.1.11	—
CVE-2026-34450	medium	—	anthropic	—	—
CVE-2026-34452	medium	—	anthropic	—	—
CVE-2026-34515	medium	—	aiohttp	—	—
CVE-2026-34516	medium	—	aiohttp	—	—
CVE-2026-34525	medium	—	aiohttp	—	—
CVE-2026-40175	medium	—	axios	1.8.3	—
CVE-2026-40260	medium	—	pypdf	—	—
CVE-2026-41168	medium	—	pypdf	—	—
CVE-2026-41305	medium	—	postcss	8.4.23	—
CVE-2026-41312	medium	—	pypdf	—	—
CVE-2026-41313	medium	—	pypdf	—	—
CVE-2026-41314	medium	—	pypdf	—	—
CVE-2026-41907	medium	—	uuid	11.1.0	—
CVE-2026-42034	medium	—	axios	1.8.3	—
CVE-2026-42036	medium	—	axios	1.8.3	—
CVE-2026-42037	medium	—	axios	1.8.3	—
CVE-2026-42038	medium	—	axios	1.8.3	—
CVE-2026-42039	medium	—	axios	1.8.3	—
CVE-2026-42041	medium	—	axios	1.8.3	—
CVE-2026-42042	medium	—	axios	1.8.3	—
CVE-2026-42044	medium	—	axios	1.8.3	—
GHSA-pjjw-qhg8-p2p9	medium	—	aiohttp	—	—
GHSA-r4q5-vmmm-2653	medium	—	follow-redirects	1.15.6	—
GHSA-w37m-7fhw-fmv9	medium	—	next	15.2.3	—
CVE-2021-21330	low	—	aiohttp	—	—
CVE-2023-47641	low	—	aiohttp	—	—
CVE-2024-0243	low	—	langchain	—	—
CVE-2024-28088	low	—	langchain	—	—
CVE-2024-40647	low	—	sentry-sdk	1.39.1	—
CVE-2024-8309	low	—	langchain	—	—
CVE-2025-30218	low	—	next	15.2.3	—
CVE-2025-46656	low	—	markdownify	—	—
CVE-2025-48068	low	—	next	14.2.26	—
CVE-2025-48985	low	—	ai	4.3.9	—
CVE-2025-53643	low	—	aiohttp	—	—
CVE-2025-54798	low	—	tmp	0.0.33	—
CVE-2025-5889	low	—	brace-expansion	1.1.11	—
CVE-2025-68142	low	—	pymdown-extensions	10.15	—
CVE-2025-69224	low	—	aiohttp	—	—
CVE-2025-69225	low	—	aiohttp	—	—
CVE-2025-69226	low	—	aiohttp	—	—
CVE-2025-69230	low	—	aiohttp	—	—
CVE-2026-22690	low	—	pypdf	—	—
CVE-2026-22691	low	—	pypdf	—	—
CVE-2026-24001	low	—	diff	5.2.0	—
CVE-2026-2654	low	—	smolagents	—	—
CVE-2026-27628	low	—	pypdf	—	—
CVE-2026-34513	low	—	aiohttp	—	—
CVE-2026-34514	low	—	aiohttp	—	—
CVE-2026-34517	low	—	aiohttp	—	—
CVE-2026-34518	low	—	aiohttp	—	—
CVE-2026-34519	low	—	aiohttp	—	—
CVE-2026-34520	low	—	aiohttp	—	—
CVE-2026-41488	low	—	langchain-openai	—	—
CVE-2026-42040	low	—	axios	1.8.3	—
CVE-2026-4963	low	—	smolagents	—	—
CVE-2026-7597	low	—	mem0ai	—	—
CVE-2020-13091	unknown	—	pandas	—	—
CVE-2024-45201	unknown	—	llama-index	—	—
CVE-2025-6209	unknown	—	llama-index	—	—
MAL-2026-2144	unknown	—	litellm	—	—
PYSEC-2026-2	unknown	—	litellm	—	—

Showing 224 of 224