Tools / docs / Security

Security Deep Dive

docs

Security posture and CVE patch evidence from tracked releases.

Back to Tool

16 critical dependency CVEs affects v5.2.0.

Audit transitive dependencies; consider upgrading or pinning replacements.

— Signed — SLSA — SBOM ✓ Security policy Weekly cadence · 5d median Active maintainer

Trust Signals — 3 of 9 Present

Evidence already collected from releases and repository metadata.

3/9 Present

Signed releases Unknown

Latest release artifact signature Latest release

—

SLSA provenance Unknown

Attestation predicate level Latest release

—

SBOM published Unknown

GitHub SBOM API Latest release

—

SECURITY.md Present

GitHub repository metadata Repository policy

Checked: 22d ago

Release cadence: weekly Present

5d median over recent releases Release history

Latest release: today

Maintainer active Present

Recent commit activity Repository

Last commit: 1d ago

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: today

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: today

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: today

3.8/10 Security Score

Pending CVE Patch Speed

Open CVEs Open CVEs detected for latest version.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.25 / 0.5

No EPSS data

freshness

1.00 / 1.0

Up to date

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

Open CVEs detected

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

1.50 / 1.5

No KEV exposure

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: open cve scan: available

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 16c/72h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 0d

Operational risk

operational risk

8.5

10%

kev exposure: clear epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100

16 Transitive critical CVEs

0 KEV-transitive CVEs

58% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

2630 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

Medium

Low

Unknown

Still affecting latest (7) All (163)

Critical 16 High 72 Medium 66 Low 9

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2011-0698	critical	—	django	—	v5.1.0
CVE-2012-3442	critical	—	django	—	v5.1.0
CVE-2014-0472	critical	—	django	—	v5.1.0
CVE-2014-1418	critical	—	django	—	v5.1.0
CVE-2016-9013	critical	—	django	—	v5.1.0
CVE-2016-9014	critical	—	django	—	v5.1.0
CVE-2019-14234	critical	—	django	—	v5.1.0
CVE-2019-19844	critical	—	django	—	v5.1.0
CVE-2020-7471	critical	—	django	—	v5.1.0
CVE-2021-35042	critical	—	django	—	v5.1.0
CVE-2022-28346	critical	—	django	—	v5.1.0
CVE-2022-28347	critical	—	django	—	v5.1.0
CVE-2022-34265	critical	—	django	—	v5.1.0
CVE-2023-31047	critical	—	django	—	v5.1.0
CVE-2024-42005	critical	—	django	—	v5.1.0
CVE-2025-64459	critical	—	django	—	v5.1.0
CVE-2007-0404	high	—	django	—	v5.1.0
CVE-2007-5712	high	—	django	—	v5.1.0
CVE-2008-3909	high	—	django	—	v5.1.0
CVE-2009-2659	high	—	django	—	v5.1.0
CVE-2009-3695	high	—	django	—	v5.1.0
CVE-2010-4534	high	—	django	—	v5.1.0
CVE-2011-0696	high	—	django	—	v5.1.0
CVE-2011-4137	high	—	django	—	v5.1.0
CVE-2011-4138	high	—	django	—	v5.1.0
CVE-2011-4139	high	—	django	—	v5.1.0
CVE-2011-4140	high	—	django	—	v5.1.0
CVE-2012-3443	high	—	django	—	v5.1.0
CVE-2012-3444	high	—	django	—	v5.1.0
CVE-2012-4520	high	—	django	—	v5.1.0
CVE-2013-1443	high	—	django	—	v5.1.0
CVE-2013-4315	high	—	django	—	v5.1.0
CVE-2014-0473	high	—	django	—	v5.1.0
CVE-2014-0474	high	—	django	—	v5.1.0
CVE-2014-0480	high	—	django	—	v5.1.0
CVE-2014-0481	high	—	django	—	v5.1.0
CVE-2014-3730	high	—	django	—	v5.1.0
CVE-2015-0221	high	—	django	—	v5.1.0
CVE-2015-0222	high	—	django	—	v5.1.0
CVE-2015-2316	high	—	django	—	v5.1.0
CVE-2015-5143	high	—	django	—	v5.1.0
CVE-2015-5144	high	—	django	—	v5.1.0
CVE-2015-5145	high	—	django	—	v5.1.0
CVE-2016-2048	high	—	django	—	v5.1.0
CVE-2016-7401	high	—	django	—	v5.1.0
CVE-2018-6188	high	—	django	—	v5.1.0
CVE-2019-14232	high	—	django	—	v5.1.0
CVE-2019-14233	high	—	django	—	v5.1.0
CVE-2019-14235	high	—	django	—	v5.1.0
CVE-2019-19118	high	—	django	—	v5.1.0
CVE-2019-3498	high	—	django	—	v5.1.0
CVE-2019-6975	high	—	django	—	v5.1.0
CVE-2020-13254	high	—	django	—	v5.1.0
CVE-2020-24583	high	—	django	—	v5.1.0
CVE-2020-9402	high	—	django	—	v5.1.0
CVE-2021-31542	high	—	django	—	v5.1.0
CVE-2021-33571	high	—	django	—	v5.1.0
CVE-2021-45115	high	—	django	—	v5.1.0
CVE-2021-45116	high	—	django	—	v5.1.0
CVE-2022-23833	high	—	django	—	v5.1.0
CVE-2022-36359	high	—	django	—	v5.1.0
CVE-2022-41323	high	—	django	—	v5.1.0
CVE-2023-23969	high	—	django	—	v5.1.0
CVE-2023-24580	high	—	django	—	v5.1.0
CVE-2023-28859	high	—	redis	—	v5.1.0
CVE-2023-36053	high	—	django	—	v5.1.0
CVE-2023-43665	high	—	django	—	v5.1.0
CVE-2023-46695	high	—	django	—	v5.1.0
CVE-2024-24680	high	—	django	—	v5.1.0
CVE-2024-38875	high	—	django	—	v5.1.0
CVE-2024-39330	high	—	django	—	v5.1.0
CVE-2024-39614	high	—	django	—	v5.1.0
CVE-2024-45296	high	—	path-to-regexp	2.4.0	v5.1.0
CVE-2024-53908	high	—	django	—	v5.1.0
CVE-2025-57833	high	—	django	—	v5.1.0
CVE-2025-59681	high	—	django	—	v5.1.0
CVE-2025-64458	high	—	django	—	v5.1.0
CVE-2026-1207	high	—	django	—	v5.1.0
CVE-2026-1287	high	—	django	—	v5.1.0
CVE-2026-25673	high	—	django	—	v5.1.0
CVE-2026-29074	high	—	svgo	3.3.2	v5.1.0
CVE-2026-33034	high	—	django	—	v5.1.0
CVE-2026-3902	high	—	django	—	v5.1.0
CVE-2026-44728	high	—	@babel/plugin-transform-modules-systemjs	7.27.1	v5.1.0
CVE-2026-4800	high	—	lodash	4.17.21	v5.1.0
CVE-2026-6321	high	—	fast-uri	3.1.0	v5.1.0
CVE-2026-6322	high	—	fast-uri	3.1.0	v5.1.0
GHSA-hg79-j56m-fxgv	high	—	react	—	v5.1.0
CVE-2007-0405	medium	—	django	—	v5.1.0
CVE-2008-2302	medium	—	django	—	v5.1.0
CVE-2010-3082	medium	—	django	—	v5.1.0
CVE-2010-4535	medium	—	django	—	v5.1.0
CVE-2011-0697	medium	—	django	—	v5.1.0
CVE-2011-4136	medium	—	django	—	v5.1.0
CVE-2013-0305	medium	—	django	—	v5.1.0
CVE-2013-0306	medium	—	django	—	v5.1.0
CVE-2013-1664	medium	—	django	—	v5.1.0
CVE-2013-1665	medium	—	django	—	v5.1.0
CVE-2013-4249	medium	—	django	—	v5.1.0
CVE-2013-6044	medium	—	django	—	v5.1.0
CVE-2013-7035	medium	—	react	—	v5.1.0
CVE-2014-0482	medium	—	django	—	v5.1.0
CVE-2014-0483	medium	—	django	—	v5.1.0
CVE-2015-0219	medium	—	django	—	v5.1.0
CVE-2015-0220	medium	—	django	—	v5.1.0
CVE-2015-2241	medium	—	django	—	v5.1.0
CVE-2015-2317	medium	—	django	—	v5.1.0
CVE-2015-3982	medium	—	django	—	v5.1.0
CVE-2015-5963	medium	—	django	—	v5.1.0
CVE-2015-5964	medium	—	django	—	v5.1.0
CVE-2015-8213	medium	—	django	—	v5.1.0
CVE-2016-2512	medium	—	django	—	v5.1.0
CVE-2016-6186	medium	—	django	—	v5.1.0
CVE-2017-12794	medium	—	django	—	v5.1.0
CVE-2017-7233	medium	—	django	—	v5.1.0
CVE-2017-7234	medium	—	django	—	v5.1.0
CVE-2018-14574	medium	—	django	—	v5.1.0
CVE-2018-16984	medium	—	django	—	v5.1.0
CVE-2018-6341	medium	—	react-dom	—	v5.1.0
CVE-2018-7536	medium	—	django	—	v5.1.0
CVE-2019-11358	medium	—	django	—	v5.1.0
CVE-2019-12308	medium	—	django	—	v5.1.0
CVE-2019-12781	medium	—	django	—	v5.1.0
CVE-2020-13596	medium	—	django	—	v5.1.0
CVE-2020-24584	medium	—	django	—	v5.1.0
CVE-2021-28658	medium	—	django	—	v5.1.0
CVE-2021-32052	medium	—	django	—	v5.1.0
CVE-2021-3281	medium	—	django	—	v5.1.0
CVE-2021-33203	medium	—	django	—	v5.1.0
CVE-2021-44420	medium	—	django	—	v5.1.0
CVE-2021-45452	medium	—	django	—	v5.1.0
CVE-2022-22818	medium	—	django	—	v5.1.0
CVE-2023-28858	medium	—	redis	—	v5.1.0
CVE-2023-41164	medium	—	django	—	v5.1.0
CVE-2024-27351	medium	—	django	—	v5.1.0
CVE-2024-39329	medium	—	django	—	v5.1.0
CVE-2024-41989	medium	—	django	—	v5.1.0
CVE-2024-41990	medium	—	django	—	v5.1.0
CVE-2024-41991	medium	—	django	—	v5.1.0
CVE-2024-45230	medium	—	django	—	v5.1.0
CVE-2024-45231	medium	—	django	—	v5.1.0
CVE-2024-53907	medium	—	django	—	v5.1.0
CVE-2024-56374	medium	—	django	—	v5.1.0
CVE-2025-13372	medium	—	django	—	v5.1.0
CVE-2025-13465	medium	—	lodash	4.17.21	v5.1.0
CVE-2025-26699	medium	—	django	—	v5.1.0
CVE-2025-27556	medium	—	django	—	v5.1.0
CVE-2025-32873	medium	—	django	—	v5.1.0
CVE-2025-48432	medium	—	django	—	v5.1.0
CVE-2025-64460	medium	—	django	—	v5.1.0
CVE-2025-69873	medium	—	ajv	8.17.1	v5.1.0
CVE-2026-1312	medium	—	django	—	v5.1.0
CVE-2026-2950	medium	—	lodash	4.17.21	v5.1.0
CVE-2026-33033	medium	—	django	—	v5.1.0
CVE-2016-2513	low	—	django	—	v5.1.0
CVE-2018-7537	low	—	django	—	v5.1.0
CVE-2025-13473	low	—	django	—	v5.1.0
CVE-2025-14550	low	—	django	—	v5.1.0
CVE-2025-59682	low	—	django	—	v5.1.0
CVE-2026-1285	low	—	django	—	v5.1.0
CVE-2026-25674	low	—	django	—	v5.1.0
CVE-2026-4277	low	—	django	—	v5.1.0
CVE-2026-4292	low	—	django	—	v5.1.0

Showing 163 of 163