Tools / AIOS / Security

Security Deep Dive

AIOS

Security posture and CVE patch evidence from tracked releases.

Back to Tool

1 open KEV CVE affects v0.3.0.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

✗ Signed ✗ SLSA ✓ SBOM ✗ Security policy Unknown cadence Active maintainer

Trust Signals — 2 of 9 Present

Evidence already collected from releases and repository metadata.

2/9 Present

Signed releases Absent

Latest release artifact signature None

Last verified: 22d ago

SLSA provenance Absent

Attestation predicate level Latest release

Last verified: 22d ago

SBOM published Present

GitHub SBOM API Latest release

Last verified: 28d ago

SECURITY.md Absent

GitHub repository metadata Repository policy

Checked: 23d ago

Release cadence Unknown

12-release median Release history

Latest release: 4mo ago

Maintainer active Present

Recent commit activity Repository

Last commit: 26d ago

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: 4mo ago

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: 4mo ago

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: 4mo ago

3.8/10 Security Score

Dependency Exposure 159 transitive dependency CVEs found in the latest SBOM. 23 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

1.00 / 1.0

26d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

⚠ No direct scan — 23c/62h transitive CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: estimated

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 23c/62h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 26d

Operational risk

operational risk

8.5

10%

kev exposure: clear epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100

23 Transitive critical CVEs

0 KEV-transitive CVEs

50% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

1 open CVE against AIOS

Sorted by KEV-listed first, then longest exposure.

CVE	Severity	CVSS	EPSS	Days open	KEV	Status
CVE-2026-42208	CRITICAL	9.8	98%ile	27d	KEV	Affects vLATEST

Dependency Vulnerabilities

48 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

Medium

Low

Unknown

Still affecting latest (18) All (159)

Critical 23 High 62 Medium 63 Low 8 Unknown 3

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2019-6446	critical	—	numpy	—	—
CVE-2020-13092	critical	—	scikit-learn	—	—
CVE-2023-50447	critical	—	pillow	10.1.0	—
CVE-2023-6730	critical	—	transformers	—	—
CVE-2024-11041	critical	—	vllm	—	—
CVE-2024-2952	critical	—	litellm	—	—
CVE-2024-3098	critical	—	llama-index-core	0.10.19	—
CVE-2024-3271	critical	—	llama-index-core	0.10.19	—
CVE-2024-3829	critical	—	qdrant-client	—	—
CVE-2024-45201	critical	—	llama-index-core	0.10.19	—
CVE-2024-5751	critical	—	litellm	—	—
CVE-2024-9052	critical	—	vllm	—	—
CVE-2024-9053	critical	—	vllm	—	—
CVE-2025-14009	critical	—	nltk	—	—
CVE-2025-1793	critical	—	llama-index	0.10.19	—
CVE-2025-29783	critical	—	vllm	—	—
CVE-2025-32444	critical	—	vllm	—	—
CVE-2025-47277	critical	—	vllm	—	—
CVE-2026-22778	critical	—	vllm	—	—
CVE-2026-35030	critical	—	litellm	—	—
CVE-2026-42208	critical	—	litellm	—	—
GHSA-5mg7-485q-xm76	critical	—	litellm	—	—
GHSA-ggpf-24jw-3fcw	critical	—	vllm	—	—
CVE-2014-1858	high	—	numpy	—	—
CVE-2014-1859	high	—	numpy	—	—
CVE-2017-12852	high	—	numpy	—	—
CVE-2018-1000656	high	—	flask	—	—
CVE-2018-18074	high	—	requests	—	—
CVE-2019-1010083	high	—	flask	—	—
CVE-2019-14751	high	—	nltk	—	—
CVE-2020-28975	high	—	scikit-learn	—	—
CVE-2020-7694	high	—	uvicorn	—	—
CVE-2020-7695	high	—	uvicorn	—	—
CVE-2021-32677	high	—	fastapi	—	—
CVE-2021-3828	high	—	nltk	—	—
CVE-2021-3842	high	—	nltk	—	—
CVE-2021-41495	high	—	numpy	—	—
CVE-2021-43854	high	—	nltk	—	—
CVE-2023-28859	high	—	redis	4.5.1	—
CVE-2023-30861	high	—	flask	—	—
CVE-2023-7018	high	—	transformers	—	—
CVE-2024-10188	high	—	litellm	—	—
CVE-2024-11392	high	—	transformers	—	—
CVE-2024-11393	high	—	transformers	—	—
CVE-2024-11394	high	—	transformers	—	—
CVE-2024-12704	high	—	llama-index-core	0.10.19	—
CVE-2024-12911	high	—	llama-index	0.10.19	—
CVE-2024-24762	high	—	fastapi	—	—
CVE-2024-28219	high	—	pillow	10.1.0	—
CVE-2024-39705	high	—	nltk	—	—
CVE-2024-4264	high	—	litellm	—	—
CVE-2024-4888	high	—	litellm	—	—
CVE-2024-6587	high	—	litellm	—	—
CVE-2024-6825	high	—	litellm	—	—
CVE-2024-8768	high	—	vllm	—	—
CVE-2024-8984	high	—	litellm	—	—
CVE-2024-9606	high	—	litellm	—	—
CVE-2025-0330	high	—	litellm	—	—
CVE-2025-0628	high	—	litellm	—	—
CVE-2025-24357	high	—	vllm	—	—
CVE-2025-30165	high	—	vllm	—	—
CVE-2025-30202	high	—	vllm	—	—
CVE-2025-48956	high	—	vllm	—	—
CVE-2025-5302	high	—	llama-index-core	0.10.19	—
CVE-2025-59425	high	—	vllm	—	—
CVE-2025-62164	high	—	vllm	—	—
CVE-2025-62372	high	—	vllm	—	—
CVE-2025-6242	high	—	vllm	—	—
CVE-2025-66448	high	—	vllm	—	—
CVE-2025-7647	high	—	llama-index-core	0.10.19	—
CVE-2025-7707	high	—	llama-index	0.10.19	—
CVE-2025-9141	high	—	vllm	—	—
CVE-2026-0846	high	—	nltk	—	—
CVE-2026-0847	high	—	nltk	—	—
CVE-2026-22807	high	—	vllm	—	—
CVE-2026-24779	high	—	vllm	—	—
CVE-2026-27893	high	—	vllm	—	—
CVE-2026-33231	high	—	nltk	—	—
CVE-2026-33236	high	—	nltk	—	—
CVE-2026-35029	high	—	litellm	—	—
CVE-2026-41066	high	—	lxml	—	—
CVE-2026-42203	high	—	litellm	—	—
CVE-2026-42271	high	—	litellm	—	—
GHSA-69x8-hrgq-fjj8	high	—	litellm	—	—
GHSA-mcmc-2m55-j8jj	high	—	vllm	—	—
CVE-2014-1829	medium	—	requests	—	—
CVE-2014-1830	medium	—	requests	—	—
CVE-2014-3146	medium	—	lxml	—	—
CVE-2015-2296	medium	—	requests	—	—
CVE-2018-19787	medium	—	lxml	—	—
CVE-2020-27783	medium	—	lxml	—	—
CVE-2021-28957	medium	—	lxml	—	—
CVE-2021-33430	medium	—	numpy	—	—
CVE-2021-34141	medium	—	numpy	—	—
CVE-2021-41496	medium	—	numpy	—	—
CVE-2021-43818	medium	—	lxml	—	—
CVE-2022-2309	medium	—	lxml	—	—
CVE-2023-2800	medium	—	transformers	—	—
CVE-2023-28858	medium	—	redis	4.5.1	—
CVE-2023-32681	medium	—	requests	—	—
CVE-2024-12720	medium	—	transformers	—	—
CVE-2024-12910	medium	—	llama-index	0.10.19	—
CVE-2024-35195	medium	—	requests	—	—
CVE-2024-47081	medium	—	requests	—	—
CVE-2024-4890	medium	—	litellm	—	—
CVE-2024-5206	medium	—	scikit-learn	—	—
CVE-2024-5225	medium	—	litellm	—	—
CVE-2024-5710	medium	—	litellm	—	—
CVE-2024-8939	medium	—	vllm	—	—
CVE-2025-1194	medium	—	transformers	—	—
CVE-2025-2099	medium	—	transformers	—	—
CVE-2025-29770	medium	—	vllm	—	—
CVE-2025-3262	medium	—	transformers	—	—
CVE-2025-3263	medium	—	transformers	—	—
CVE-2025-3264	medium	—	transformers	—	—
CVE-2025-3933	medium	—	transformers	—	—
CVE-2025-46560	medium	—	vllm	—	—
CVE-2025-46722	medium	—	vllm	—	—
CVE-2025-48887	medium	—	vllm	—	—
CVE-2025-48942	medium	—	vllm	—	—
CVE-2025-48943	medium	—	vllm	—	—
CVE-2025-48944	medium	—	vllm	—	—
CVE-2025-5197	medium	—	transformers	—	—
CVE-2025-5472	medium	—	llama-index-core	0.10.19	—
CVE-2025-6051	medium	—	transformers	—	—
CVE-2025-61620	medium	—	vllm	—	—
CVE-2025-6208	medium	—	llama-index-core	0.10.19	—
CVE-2025-6211	medium	—	llama-index	0.10.19	—
CVE-2025-62426	medium	—	vllm	—	—
CVE-2025-6638	medium	—	transformers	—	—
CVE-2025-6921	medium	—	transformers	—	—
CVE-2026-1839	medium	—	transformers	—	—
CVE-2026-22773	medium	—	vllm	—	—
CVE-2026-25645	medium	—	requests	—	—
CVE-2026-25960	medium	—	vllm	—	—
CVE-2026-28684	medium	—	python-dotenv	—	—
CVE-2026-33230	medium	—	nltk	—	—
CVE-2026-34753	medium	—	vllm	—	—
CVE-2026-34755	medium	—	vllm	—	—
CVE-2026-34756	medium	—	vllm	—	—
CVE-2026-40491	medium	—	gdown	—	—
CVE-2026-42308	medium	—	pillow	10.1.0	—
CVE-2026-42310	medium	—	pillow	10.1.0	—
CVE-2026-44222	medium	—	vllm	—	—
CVE-2026-44223	medium	—	vllm	—	—
GHSA-hf3c-wxg2-49q9	medium	—	vllm	—	—
GHSA-j828-28rj-hfhp	medium	—	vllm	—	—
GHSA-rf74-v2fm-23pw	medium	—	nltk	—	—
CVE-2024-3568	low	—	transformers	—	—
CVE-2025-25183	low	—	vllm	—	—
CVE-2025-3777	low	—	transformers	—	—
CVE-2025-46570	low	—	vllm	—	—
CVE-2025-47278	low	—	flask	—	—
CVE-2026-27205	low	—	flask	—	—
CVE-2026-7141	low	—	vllm	—	—
CVE-2026-7597	low	—	mem0ai	1.0.11	—
CVE-2024-45201	unknown	—	llama-index	0.10.19	—
MAL-2026-2144	unknown	—	litellm	—	—
PYSEC-2026-2	unknown	—	litellm	—	—

Showing 159 of 159